Add debug

Add debug info
Remove test cases
2026-04-14 21:46:19 -04:00 · 2024-08-15 17:59:44 +02:00 · 2024-08-15 17:54:21 +02:00 · 2024-08-15 17:51:56 +02:00 · 2024-08-15 17:48:54 +02:00 · 2024-08-15 17:44:01 +02:00
191 changed files with 2263 additions and 7276 deletions
--- a/.github/ISSUE_TEMPLATE/bug-issue-report.md
+++ b/.github/ISSUE_TEMPLATE/bug-issue-report.md
@@ -31,14 +31,9 @@ Please specify whether you use NetBird Cloud or self-host NetBird's control plan

 `netbird version`

-**NetBird status -dA output:**
+**NetBird status -d output:**

-If applicable, add the `netbird status -dA' command output.
-
-**Do you face any (non-mobile) client issues?**
-
-Please provide the file created by `netbird debug for 1m -AS`.
-We advise reviewing the anonymized files for any remaining PII.
+If applicable, add the `netbird status -d' command output.

 **Screenshots**

--- a/.github/workflows/golang-test-darwin.yml
+++ b/.github/workflows/golang-test-darwin.yml
@@ -1,4 +1,4 @@
-name: Test Code Darwin
+name: Test Code Linux

 on:
  push:
@@ -11,29 +11,27 @@ concurrency:
  cancel-in-progress: true

 jobs:
-  test:
-    strategy:
-      matrix:
-        store: ['sqlite']
-    runs-on: macos-latest
+  test_client_on_docker:
+    runs-on: ubuntu-20.04
    steps:
      - name: Install Go
        uses: actions/setup-go@v4
        with:
          go-version: "1.21.x"
-      - name: Checkout code
-        uses: actions/checkout@v3

      - name: Cache Go modules
        uses: actions/cache@v3
        with:
          path: ~/go/pkg/mod
-          key: macos-go-${{ hashFiles('**/go.sum') }}
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
-            macos-go-
+            ${{ runner.os }}-go-

-      - name: Install libpcap
-        run: brew install libpcap
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Install dependencies
+        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev gcc-multilib libpcap-dev

      - name: Install modules
        run: go mod tidy
@@ -41,5 +39,5 @@ jobs:
      - name: check git status
        run: git --no-pager diff --exit-code

-      - name: Test
-        run: NETBIRD_STORE_ENGINE=${{ matrix.store }} go test -exec 'sudo --preserve-env=CI,NETBIRD_STORE_ENGINE' -timeout 5m -p 1 ./...
+      - name: Run test
+        run: go test ./client/internal/routemanager -run TestGetBestrouteFromStatuses
--- a/.github/workflows/golang-test-freebsd.yml
+++ b/.github/workflows/golang-test-freebsd.yml
@@ -1,46 +0,0 @@
-
-name: Test Code FreeBSD
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-
-jobs:
-  test:
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v4
-      - name: Test in FreeBSD
-        id: test
-        uses: vmactions/freebsd-vm@v1
-        with:
-          usesh: true
-          copyback: false
-          release: "14.1"
-          prepare: |
-            pkg install -y go
-
-          # -x - to print all executed commands
-          # -e - to faile on first error
-          run: |
-            set -e -x
-            time go build -o netbird client/main.go
-            # check all component except management, since we do not support management server on freebsd
-            time go test -timeout 1m -failfast ./base62/...
-            # NOTE: without -p1 `client/internal/dns` will fail becasue of `listen udp4 :33100: bind: address already in use`
-            time go test -timeout 8m -failfast -p 1 ./client/...
-            time go test -timeout 1m -failfast ./dns/...
-            time go test -timeout 1m -failfast ./encryption/...
-            time go test -timeout 1m -failfast ./formatter/...
-            time go test -timeout 1m -failfast ./iface/...
-            time go test -timeout 1m -failfast ./route/...
-            time go test -timeout 1m -failfast ./sharedsock/...
-            time go test -timeout 1m -failfast ./signal/...
-            time go test -timeout 1m -failfast ./util/...
-            time go test -timeout 1m -failfast ./version/...
--- a/.github/workflows/golang-test-linux.yml
+++ b/.github/workflows/golang-test-linux.yml
@@ -1,127 +0,0 @@
-name: Test Code Linux
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-
-jobs:
-  test:
-    strategy:
-      matrix:
-        arch: [ '386','amd64' ]
-        store: [ 'sqlite', 'postgres']
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "1.21.x"
-
-
-      - name: Cache Go modules
-        uses: actions/cache@v3
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
-
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Install dependencies
-        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev gcc-multilib libpcap-dev
-
-      - name: Install 32-bit libpcap
-        if: matrix.arch == '386'
-        run: sudo dpkg --add-architecture i386 && sudo apt update && sudo apt-get install -y libpcap0.8-dev:i386
-
-      - name: Install modules
-        run: go mod tidy
-
-      - name: check git status
-        run: git --no-pager diff --exit-code
-
-      - name: Test
-        run: CGO_ENABLED=1 GOARCH=${{ matrix.arch }} NETBIRD_STORE_ENGINE=${{ matrix.store }} go test -exec 'sudo --preserve-env=CI,NETBIRD_STORE_ENGINE' -timeout 5m -p 1 ./...
-
-  test_client_on_docker:
-    runs-on: ubuntu-20.04
-    steps:
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "1.21.x"
-
-      - name: Cache Go modules
-        uses: actions/cache@v3
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
-
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Install dependencies
-        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev gcc-multilib libpcap-dev
-
-      - name: Install modules
-        run: go mod tidy
-
-      - name: check git status
-        run: git --no-pager diff --exit-code
-
-      - name: Generate Iface Test bin
-        run: CGO_ENABLED=0 go test -c -o iface-testing.bin ./iface/
-
-      - name: Generate Shared Sock Test bin
-        run: CGO_ENABLED=0 go test -c -o sharedsock-testing.bin ./sharedsock
-
-      - name: Generate RouteManager Test bin
-        run: CGO_ENABLED=0 go test -c -o routemanager-testing.bin  ./client/internal/routemanager
-
-      - name: Generate SystemOps Test bin
-        run: CGO_ENABLED=1 go test -c -o systemops-testing.bin -tags netgo -ldflags '-w -extldflags "-static -ldbus-1 -lpcap"' ./client/internal/routemanager/systemops
-
-      - name: Generate nftables Manager Test bin
-        run: CGO_ENABLED=0 go test -c -o nftablesmanager-testing.bin ./client/firewall/nftables/...
-
-      - name: Generate Engine Test bin
-        run: CGO_ENABLED=1 go test -c -o engine-testing.bin ./client/internal
-
-      - name: Generate Peer Test bin
-        run: CGO_ENABLED=0 go test -c -o peer-testing.bin ./client/internal/peer/...
-
-      - run: chmod +x *testing.bin
-
-      - name: Run Shared Sock tests in docker
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/sharedsock --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/sharedsock-testing.bin -test.timeout 5m -test.parallel 1
-
-      - name: Run Iface tests in docker
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/iface --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/iface-testing.bin -test.timeout 5m -test.parallel 1
-
-      - name: Run RouteManager tests in docker
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal/routemanager --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/routemanager-testing.bin  -test.timeout 5m -test.parallel 1
-
-      - name: Run SystemOps tests in docker
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal/routemanager/systemops --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/systemops-testing.bin  -test.timeout 5m -test.parallel 1
-
-      - name: Run nftables Manager tests in docker
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/firewall --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/nftablesmanager-testing.bin  -test.timeout 5m -test.parallel 1
-
-      - name: Run Engine tests in docker with file store
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal -e NETBIRD_STORE_ENGINE="jsonfile" --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/engine-testing.bin  -test.timeout 5m -test.parallel 1
-
-      - name: Run Engine tests in docker with sqlite store
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal -e NETBIRD_STORE_ENGINE="sqlite" --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/engine-testing.bin  -test.timeout 5m -test.parallel 1
-
-      - name: Run Peer tests in docker
-        run: docker run -t --cap-add=NET_ADMIN --privileged --rm -v $PWD:/ci -w /ci/client/internal/peer  --entrypoint /busybox/sh gcr.io/distroless/base:debug -c /ci/peer-testing.bin  -test.timeout 5m -test.parallel 1
--- a/.github/workflows/golang-test-windows.yml
+++ b/.github/workflows/golang-test-windows.yml
@@ -1,52 +0,0 @@
-name: Test Code Windows
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-
-env:
-  downloadPath: '${{ github.workspace }}\temp'
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-
-jobs:
-  test:
-    runs-on: windows-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: Install Go
-        uses: actions/setup-go@v4
-        id: go
-        with:
-          go-version: "1.21.x"
-
-      - name: Download wintun
-        uses: carlosperate/download-file-action@v2
-        id: download-wintun
-        with:
-          file-url: https://pkgs.netbird.io/wintun/wintun-0.14.1.zip
-          file-name: wintun.zip
-          location: ${{ env.downloadPath }}
-          sha256: '07c256185d6ee3652e09fa55c0b673e2624b565e02c4b9091c79ca7d2f24ef51'
-
-      - name: Decompressing wintun files
-        run: tar -zvxf "${{ steps.download-wintun.outputs.file-path }}" -C ${{ env.downloadPath }}
-
-      - run: mv ${{ env.downloadPath }}/wintun/bin/amd64/wintun.dll 'C:\Windows\System32\'
-
-      - run: choco install -y sysinternals --ignore-checksums
-      - run: choco install -y mingw
-
-      - run: PsExec64 -s -w ${{ github.workspace }} C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe env -w GOMODCACHE=C:\Users\runneradmin\go\pkg\mod
-      - run: PsExec64 -s -w ${{ github.workspace }} C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe env -w GOCACHE=C:\Users\runneradmin\AppData\Local\go-build
-
-      - name: test
-        run: PsExec64 -s -w ${{ github.workspace }} cmd.exe /c "C:\hostedtoolcache\windows\go\${{ steps.go.outputs.go-version }}\x64\bin\go.exe test -timeout 10m -p 1 ./... > test-out.txt 2>&1"
-      - name: test output
-        if: ${{ always() }}
-        run: Get-Content test-out.txt
--- a/.github/workflows/golangci-lint.yml
+++ b/.github/workflows/golangci-lint.yml
@@ -1,52 +0,0 @@
-name: golangci-lint
-on: [pull_request]
-
-permissions:
-  contents: read
-  pull-requests: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-
-jobs:
-  codespell:
-    name: codespell
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-      - name: codespell
-        uses: codespell-project/actions-codespell@v2
-        with:
-          ignore_words_list: erro,clienta,hastable,
-          skip: go.mod,go.sum
-          only_warn: 1
-  golangci:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [macos-latest, windows-latest, ubuntu-latest]
-    name: lint
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 15
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-      - name: Check for duplicate constants
-        if: matrix.os == 'ubuntu-latest'
-        run: |
-          ! awk '/const \(/,/)/{print $0}' management/server/activity/codes.go | grep -o '= [0-9]*' | sort | uniq -d | grep .
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "1.21.x"
-          cache: false
-      - name: Install dependencies
-        if: matrix.os == 'ubuntu-latest'
-        run: sudo apt update && sudo apt install -y -q libgtk-3-dev libayatana-appindicator3-dev libgl1-mesa-dev xorg-dev libpcap-dev
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v3
-        with:
-          version: latest
-          args: --timeout=12m
--- a/.github/workflows/install-script-test.yml
+++ b/.github/workflows/install-script-test.yml
@@ -1,36 +0,0 @@
-name: Test installation
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-    paths:
-      - "release_files/install.sh"
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-jobs:
-  test-install-script:
-    strategy:
-      max-parallel: 2
-      matrix:
-        os: [ubuntu-latest, macos-latest]
-        skip_ui_mode: [true, false]
-        install_binary: [true, false]
-    runs-on: ${{ matrix.os }}
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: run install script
-        env:
-          SKIP_UI_APP: ${{ matrix.skip_ui_mode }}
-          USE_BIN_INSTALL: ${{ matrix.install_binary }}
-          GITHUB_TOKEN: ${{ secrets.RO_API_CALLER_TOKEN }}
-        run: |
-          [ "$SKIP_UI_APP" == "false" ] && export XDG_CURRENT_DESKTOP="none"
-          cat release_files/install.sh | sh -x
-
-      - name: check cli binary
-        run: command -v netbird
--- a/.github/workflows/mobile-build-validation.yml
+++ b/.github/workflows/mobile-build-validation.yml
@@ -1,65 +0,0 @@
-name: Mobile build validation
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-
-jobs:
-  android_build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "1.21.x"
-      - name: Setup Android SDK
-        uses: android-actions/setup-android@v3
-        with:
-          cmdline-tools-version: 8512546
-      - name: Setup Java
-        uses: actions/setup-java@v3
-        with:
-          java-version: "11"
-          distribution: "adopt"
-      - name: NDK Cache
-        id: ndk-cache
-        uses: actions/cache@v3
-        with:
-          path: /usr/local/lib/android/sdk/ndk
-          key: ndk-cache-23.1.7779620
-      - name: Setup NDK
-        run: /usr/local/lib/android/sdk/cmdline-tools/7.0/bin/sdkmanager --install "ndk;23.1.7779620"
-      - name: install gomobile
-        run: go install golang.org/x/mobile/cmd/gomobile@v0.0.0-20240404231514-09dbf07665ed
-      - name: gomobile init
-        run: gomobile init
-      - name: build android netbird lib
-        run: PATH=$PATH:$(go env GOPATH) gomobile bind -o $GITHUB_WORKSPACE/netbird.aar -javapkg=io.netbird.gomobile -ldflags="-X golang.zx2c4.com/wireguard/ipc.socketDirectory=/data/data/io.netbird.client/cache/wireguard -X github.com/netbirdio/netbird/version.version=buildtest"  $GITHUB_WORKSPACE/client/android
-        env:
-          CGO_ENABLED: 0
-          ANDROID_NDK_HOME: /usr/local/lib/android/sdk/ndk/23.1.7779620
-  ios_build:
-    runs-on: macos-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "1.21.x"
-      - name: install gomobile
-        run: go install golang.org/x/mobile/cmd/gomobile@v0.0.0-20240404231514-09dbf07665ed
-      - name: gomobile init
-        run: gomobile init
-      - name: build iOS netbird lib
-        run: PATH=$PATH:$(go env GOPATH) gomobile bind -target=ios -bundleid=io.netbird.framework -ldflags="-X github.com/netbirdio/netbird/version.version=buildtest" -o ./NetBirdSDK.xcframework ./client/ios/NetBirdSDK
-        env:
-          CGO_ENABLED: 0
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,246 +0,0 @@
-name: Release
-
-on:
-  push:
-    tags:
-      - 'v*'
-    branches:
-      - main
-  pull_request:
-
-
-env:
-  SIGN_PIPE_VER: "v0.0.14"
-  GORELEASER_VER: "v1.14.1"
-  PRODUCT_NAME: "NetBird"
-  COPYRIGHT: "Wiretrustee UG (haftungsbeschreankt)"
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    env:
-      flags: ""
-    steps:
-      - name: Parse semver string
-        id: semver_parser
-        uses: booxmedialtd/ws-action-parse-semver@v1
-        with:
-          input_string: ${{ (startsWith(github.ref, 'refs/tags/v') && github.ref) || 'refs/tags/v0.0.0' }}
-          version_extractor_regex: '\/v(.*)$'
-
-      - if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
-        run: echo "flags=--snapshot" >> $GITHUB_ENV
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0 # It is required for GoReleaser to work properly
-      -
-        name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "1.21"
-          cache: false
-      -
-        name: Cache Go modules
-        uses: actions/cache@v3
-        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-go-releaser-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-releaser-
-      -
-        name: Install modules
-        run: go mod tidy
-      -
-        name: check git status
-        run: git --no-pager diff --exit-code
-      -
-        name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-      -
-        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      -
-        name: Login to Docker hub
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v1
-        with:
-          username: netbirdio
-          password: ${{ secrets.DOCKER_TOKEN }}
-      - name: Install OS build dependencies
-        run: sudo apt update && sudo apt install -y -q gcc-arm-linux-gnueabihf gcc-aarch64-linux-gnu
-
-      - name: Install goversioninfo
-        run: go install github.com/josephspurrier/goversioninfo/cmd/goversioninfo@233067e
-      - name: Generate windows syso amd64
-        run: goversioninfo  -icon client/ui/netbird.ico -manifest client/manifest.xml -product-name ${{ env.PRODUCT_NAME }} -copyright "${{ env.COPYRIGHT }}" -ver-major ${{ steps.semver_parser.outputs.major }} -ver-minor ${{ steps.semver_parser.outputs.minor }} -ver-patch ${{ steps.semver_parser.outputs.patch }} -ver-build 0 -file-version ${{ steps.semver_parser.outputs.fullversion }}.0 -product-version ${{ steps.semver_parser.outputs.fullversion }}.0 -o client/resources_windows_amd64.syso
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
-        with:
-          version: ${{ env.GORELEASER_VER }}
-          args: release --rm-dist ${{ env.flags }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
-          UPLOAD_DEBIAN_SECRET: ${{ secrets.PKG_UPLOAD_SECRET }}
-          UPLOAD_YUM_SECRET: ${{ secrets.PKG_UPLOAD_SECRET }}
-      -
-        name: upload non tags for debug purposes
-        uses: actions/upload-artifact@v3
-        with:
-          name: release
-          path: dist/
-          retention-days: 3
-      -
-        name: upload linux packages
-        uses: actions/upload-artifact@v3
-        with:
-          name: linux-packages
-          path: dist/netbird_linux**
-          retention-days: 3
-      -
-        name: upload windows packages
-        uses: actions/upload-artifact@v3
-        with:
-          name: windows-packages
-          path: dist/netbird_windows**
-          retention-days: 3
-      -
-        name: upload macos packages
-        uses: actions/upload-artifact@v3
-        with:
-          name: macos-packages
-          path: dist/netbird_darwin**
-          retention-days: 3
-
-  release_ui:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Parse semver string
-        id: semver_parser
-        uses: booxmedialtd/ws-action-parse-semver@v1
-        with:
-          input_string: ${{ (startsWith(github.ref, 'refs/tags/v') && github.ref) || 'refs/tags/v0.0.0' }}
-          version_extractor_regex: '\/v(.*)$'
-
-      - if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
-        run: echo "flags=--snapshot" >> $GITHUB_ENV
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0 # It is required for GoReleaser to work properly
-
-      - name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "1.21"
-          cache: false
-      - name: Cache Go modules
-        uses: actions/cache@v3
-        with:
-          path: | 
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-ui-go-releaser-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-ui-go-releaser-
-
-      - name: Install modules
-        run: go mod tidy
-
-      - name: check git status
-        run: git --no-pager diff --exit-code
-
-      - name: Install dependencies
-        run: sudo apt update && sudo apt install -y -q libappindicator3-dev gir1.2-appindicator3-0.1 libxxf86vm-dev gcc-mingw-w64-x86-64
-      - name: Install goversioninfo
-        run: go install github.com/josephspurrier/goversioninfo/cmd/goversioninfo@233067e
-      - name: Generate windows syso amd64
-        run: goversioninfo -64 -icon client/ui/netbird.ico -manifest client/ui/manifest.xml -product-name ${{ env.PRODUCT_NAME }}-"UI" -copyright "${{ env.COPYRIGHT }}" -ver-major ${{ steps.semver_parser.outputs.major }} -ver-minor ${{ steps.semver_parser.outputs.minor }} -ver-patch ${{ steps.semver_parser.outputs.patch }} -ver-build 0 -file-version ${{ steps.semver_parser.outputs.fullversion }}.0 -product-version ${{ steps.semver_parser.outputs.fullversion }}.0 -o client/ui/resources_windows_amd64.syso
-
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v4
-        with:
-          version: ${{ env.GORELEASER_VER }}
-          args: release --config .goreleaser_ui.yaml --rm-dist ${{ env.flags }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          HOMEBREW_TAP_GITHUB_TOKEN: ${{ secrets.HOMEBREW_TAP_GITHUB_TOKEN }}
-          UPLOAD_DEBIAN_SECRET: ${{ secrets.PKG_UPLOAD_SECRET }}
-          UPLOAD_YUM_SECRET: ${{ secrets.PKG_UPLOAD_SECRET }}
-      - name: upload non tags for debug purposes
-        uses: actions/upload-artifact@v3
-        with:
-          name: release-ui
-          path: dist/
-          retention-days: 3
-
-  release_ui_darwin:
-    runs-on: macos-latest
-    steps:
-      - if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
-        run: echo "flags=--snapshot" >> $GITHUB_ENV
-      -
-        name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0 # It is required for GoReleaser to work properly
-      -
-        name: Set up Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "1.21"
-          cache: false
-      -
-        name: Cache Go modules
-        uses: actions/cache@v3
-        with:
-          path: |
-            ~/go/pkg/mod
-            ~/.cache/go-build
-          key: ${{ runner.os }}-ui-go-releaser-darwin-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-ui-go-releaser-darwin-
-      -
-        name: Install modules
-        run: go mod tidy
-      - 
-        name: check git status
-        run: git --no-pager diff --exit-code
-      -
-        name: Run GoReleaser
-        id: goreleaser
-        uses: goreleaser/goreleaser-action@v4
-        with:
-          version: ${{ env.GORELEASER_VER }}
-          args: release --config .goreleaser_ui_darwin.yaml --rm-dist ${{ env.flags }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      -
-        name: upload non tags for debug purposes
-        uses: actions/upload-artifact@v3
-        with:
-          name: release-ui-darwin
-          path: dist/
-          retention-days: 3
-
-  trigger_signer:
-    runs-on: ubuntu-latest
-    needs: [release,release_ui,release_ui_darwin]
-    if: startsWith(github.ref, 'refs/tags/')
-    steps:
-      - name: Trigger binaries sign pipelines
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: Sign bin and installer
-          repo: netbirdio/sign-pipelines
-          ref: ${{ env.SIGN_PIPE_VER }}
-          token: ${{ secrets.SIGN_GITHUB_TOKEN }}
-          inputs: '{ "tag": "${{ github.ref }}" }'
--- a/.github/workflows/sync-main.yml
+++ b/.github/workflows/sync-main.yml
@@ -1,22 +0,0 @@
-name: sync main
-
-on:
-  push:
-    branches:
-      - main
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-
-jobs:
-  trigger_sync_main:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Trigger main branch sync
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: sync-main.yml
-          repo: ${{ secrets.UPSTREAM_REPO }}
-          token: ${{ secrets.NC_GITHUB_TOKEN }}
-          inputs: '{ "sha": "${{ github.sha }}" }'
--- a/.github/workflows/sync-tag.yml
+++ b/.github/workflows/sync-tag.yml
@@ -1,23 +0,0 @@
-name: sync tag
-
-on:
-  push:
-    tags:
-      - 'v*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-
-jobs:
-  trigger_sync_tag:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Trigger release tag sync
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: sync-tag.yml
-          ref: main
-          repo: ${{ secrets.UPSTREAM_REPO }}
-          token: ${{ secrets.NC_GITHUB_TOKEN }}
-          inputs: '{ "tag": "${{ github.ref_name }}" }'
--- a/.github/workflows/test-infrastructure-files.yml
+++ b/.github/workflows/test-infrastructure-files.yml
@@ -1,293 +0,0 @@
-name: Test Infrastructure files
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-    paths:
-      - 'infrastructure_files/**'
-      - '.github/workflows/test-infrastructure-files.yml'
-      - 'management/cmd/**'
-      - 'signal/cmd/**'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
-  cancel-in-progress: true
-
-jobs:
-  test-docker-compose:
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        store: [ 'sqlite', 'postgres' ]
-    services:
-      postgres:
-        image: ${{ (matrix.store == 'postgres') && 'postgres' || '' }}
-        env:
-          POSTGRES_USER: netbird
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_DB: netbird
-        options: >-
-          --health-cmd pg_isready
-          --health-interval 10s
-          --health-timeout 5s
-        ports:
-          - 5432:5432
-    steps:
-      - name: Set Database Connection String
-        run: |
-          if [ "${{ matrix.store }}" == "postgres" ]; then
-            echo "NETBIRD_STORE_ENGINE_POSTGRES_DSN=host=$(hostname -I | awk '{print $1}') user=netbird password=postgres dbname=netbird port=5432" >> $GITHUB_ENV
-          else
-            echo "NETBIRD_STORE_ENGINE_POSTGRES_DSN==" >> $GITHUB_ENV
-          fi
-
-      - name: Install jq
-        run: sudo apt-get install -y jq
-
-      - name: Install curl
-        run: sudo apt-get install -y curl
-
-      - name: Install Go
-        uses: actions/setup-go@v4
-        with:
-          go-version: "1.21.x"
-
-      - name: Cache Go modules
-        uses: actions/cache@v3
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
-
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: cp setup.env
-        run: cp infrastructure_files/tests/setup.env infrastructure_files/
-
-      - name: run configure
-        working-directory: infrastructure_files
-        run: bash -x configure.sh
-        env:
-          CI_NETBIRD_DOMAIN: localhost
-          CI_NETBIRD_AUTH_CLIENT_ID: testing.client.id
-          CI_NETBIRD_AUTH_CLIENT_SECRET: testing.client.secret
-          CI_NETBIRD_AUTH_AUDIENCE: testing.ci
-          CI_NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT: https://example.eu.auth0.com/.well-known/openid-configuration
-          CI_NETBIRD_USE_AUTH0: true
-          CI_NETBIRD_MGMT_IDP: "none"
-          CI_NETBIRD_IDP_MGMT_CLIENT_ID: testing.client.id
-          CI_NETBIRD_IDP_MGMT_CLIENT_SECRET: testing.client.secret
-          CI_NETBIRD_AUTH_SUPPORTED_SCOPES: "openid profile email offline_access api email_verified"
-          CI_NETBIRD_STORE_CONFIG_ENGINE: ${{ matrix.store }}
-          NETBIRD_STORE_ENGINE_POSTGRES_DSN: ${{ env.NETBIRD_STORE_ENGINE_POSTGRES_DSN }}
-          CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH: false
-
-      - name: check values
-        working-directory: infrastructure_files/artifacts
-        env:
-          CI_NETBIRD_DOMAIN: localhost
-          CI_NETBIRD_AUTH_CLIENT_ID: testing.client.id
-          CI_NETBIRD_AUTH_CLIENT_SECRET: testing.client.secret
-          CI_NETBIRD_AUTH_AUDIENCE: testing.ci
-          CI_NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT: https://example.eu.auth0.com/.well-known/openid-configuration
-          CI_NETBIRD_USE_AUTH0: true
-          CI_NETBIRD_AUTH_SUPPORTED_SCOPES: "openid profile email offline_access api email_verified"
-          CI_NETBIRD_AUTH_AUTHORITY: https://example.eu.auth0.com/
-          CI_NETBIRD_AUTH_JWT_CERTS: https://example.eu.auth0.com/.well-known/jwks.json
-          CI_NETBIRD_AUTH_TOKEN_ENDPOINT: https://example.eu.auth0.com/oauth/token
-          CI_NETBIRD_AUTH_DEVICE_AUTH_ENDPOINT: https://example.eu.auth0.com/oauth/device/code
-          CI_NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT: https://example.eu.auth0.com/authorize
-          CI_NETBIRD_AUTH_REDIRECT_URI: "/peers"
-          CI_NETBIRD_TOKEN_SOURCE: "idToken"
-          CI_NETBIRD_AUTH_USER_ID_CLAIM: "email"
-          CI_NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE: "super"
-          CI_NETBIRD_AUTH_DEVICE_AUTH_SCOPE: "openid email"
-          CI_NETBIRD_MGMT_IDP: "none"
-          CI_NETBIRD_IDP_MGMT_CLIENT_ID: testing.client.id
-          CI_NETBIRD_IDP_MGMT_CLIENT_SECRET: testing.client.secret
-          CI_NETBIRD_SIGNAL_PORT: 12345
-          CI_NETBIRD_STORE_CONFIG_ENGINE: ${{ matrix.store }}
-          NETBIRD_STORE_ENGINE_POSTGRES_DSN: '${{ env.NETBIRD_STORE_ENGINE_POSTGRES_DSN }}$'
-          CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH: false
-          CI_NETBIRD_TURN_EXTERNAL_IP: "1.2.3.4"
-
-        run: |
-          set -x
-          grep AUTH_CLIENT_ID docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_ID
-          grep AUTH_CLIENT_SECRET docker-compose.yml | grep $CI_NETBIRD_AUTH_CLIENT_SECRET
-          grep AUTH_AUTHORITY docker-compose.yml | grep $CI_NETBIRD_AUTH_AUTHORITY
-          grep AUTH_AUDIENCE docker-compose.yml | grep $CI_NETBIRD_AUTH_AUDIENCE
-          grep AUTH_SUPPORTED_SCOPES docker-compose.yml | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
-          grep USE_AUTH0 docker-compose.yml | grep $CI_NETBIRD_USE_AUTH0
-          grep NETBIRD_MGMT_API_ENDPOINT docker-compose.yml | grep "$CI_NETBIRD_DOMAIN:33073"
-          grep AUTH_REDIRECT_URI docker-compose.yml | grep $CI_NETBIRD_AUTH_REDIRECT_URI
-          grep AUTH_SILENT_REDIRECT_URI docker-compose.yml | egrep 'AUTH_SILENT_REDIRECT_URI=$'
-          grep $CI_NETBIRD_SIGNAL_PORT docker-compose.yml | grep ':80'
-          grep LETSENCRYPT_DOMAIN docker-compose.yml | egrep 'LETSENCRYPT_DOMAIN=$'
-          grep NETBIRD_TOKEN_SOURCE docker-compose.yml | grep $CI_NETBIRD_TOKEN_SOURCE
-          grep AuthUserIDClaim management.json | grep $CI_NETBIRD_AUTH_USER_ID_CLAIM
-          grep -A 3 DeviceAuthorizationFlow management.json | grep -A 1 ProviderConfig | grep Audience | grep $CI_NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE
-          grep -A 3 DeviceAuthorizationFlow management.json | grep -A 1 ProviderConfig | grep Audience | grep $CI_NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE
-          grep Engine management.json  | grep "$CI_NETBIRD_STORE_CONFIG_ENGINE"
-          grep IdpSignKeyRefreshEnabled management.json | grep "$CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH"
-          grep UseIDToken management.json | grep false
-          grep -A 1 IdpManagerConfig management.json | grep ManagerType | grep $CI_NETBIRD_MGMT_IDP
-          grep -A 3 IdpManagerConfig management.json | grep -A 1 ClientConfig | grep Issuer | grep $CI_NETBIRD_AUTH_AUTHORITY
-          grep -A 4 IdpManagerConfig management.json | grep -A 2 ClientConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
-          grep -A 5 IdpManagerConfig management.json | grep -A 3 ClientConfig | grep ClientID | grep $CI_NETBIRD_IDP_MGMT_CLIENT_ID
-          grep -A 6 IdpManagerConfig management.json | grep -A 4 ClientConfig | grep ClientSecret | grep $CI_NETBIRD_IDP_MGMT_CLIENT_SECRET
-          grep -A 7 IdpManagerConfig management.json | grep -A 5 ClientConfig | grep GrantType | grep client_credentials
-          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep Audience | grep $CI_NETBIRD_AUTH_AUDIENCE
-          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep ClientID | grep $CI_NETBIRD_AUTH_CLIENT_ID
-          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep ClientSecret | grep $CI_NETBIRD_AUTH_CLIENT_SECRET
-          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep AuthorizationEndpoint | grep $CI_NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT
-          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT
-          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES"
-          grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep -A 3 RedirectURLs | grep "http://localhost:53000"
-          grep "external-ip" turnserver.conf | grep $CI_NETBIRD_TURN_EXTERNAL_IP
-          grep NETBIRD_STORE_ENGINE_POSTGRES_DSN docker-compose.yml | egrep "$NETBIRD_STORE_ENGINE_POSTGRES_DSN"
-          # check relay values
-          grep "NB_EXPOSED_ADDRESS=$CI_NETBIRD_DOMAIN:33445" docker-compose.yml
-          grep "NB_LISTEN_ADDRESS=:33445" docker-compose.yml
-          grep '33445:33445' docker-compose.yml
-          grep -A 10 'relay:' docker-compose.yml | egrep 'NB_AUTH_SECRET=.+$'
-          grep -A 7 Relay management.json | grep "rel://$CI_NETBIRD_DOMAIN:33445"
-          grep -A 7 Relay management.json | egrep '"Secret": ".+"'
-
-      - name: Install modules
-        run: go mod tidy
-
-      - name: check git status
-        run: git --no-pager diff --exit-code
-
-      - name: Build management binary
-        working-directory: management
-        run: CGO_ENABLED=1 go build -o netbird-mgmt main.go
-
-      - name: Build management docker image
-        working-directory: management
-        run: |
-          docker build -t netbirdio/management:latest .
-
-      - name: Build signal binary
-        working-directory: signal
-        run: CGO_ENABLED=0 go build -o netbird-signal main.go
-
-      - name: Build signal docker image
-        working-directory: signal
-        run: |
-          docker build -t netbirdio/signal:latest .
-
-      - name: Build relay binary
-        working-directory: relay
-        run: CGO_ENABLED=0 go build -o netbird-relay main.go
-
-      - name: Build relay docker image
-        working-directory: relay
-        run: |
-          docker build -t netbirdio/relay:latest .
-
-      - name: run docker compose up
-        working-directory: infrastructure_files/artifacts
-        run: |
-          docker compose up -d
-          sleep 5
-          docker compose ps
-          docker compose logs --tail=20
-
-      - name: test running containers
-        run: |
-          count=$(docker compose ps --format json | jq '. | select(.Name | contains("artifacts")) | .State' | grep -c running)
-          test $count -eq 5 || docker compose logs
-        working-directory: infrastructure_files/artifacts
-
-      - name: test geolocation databases
-        working-directory: infrastructure_files/artifacts
-        run: |
-          sleep 30
-          docker compose exec management ls -l /var/lib/netbird/ | grep -i GeoLite2-City_[0-9]*.mmdb
-          docker compose exec management ls -l /var/lib/netbird/ | grep -i geonames_[0-9]*.db
-
-  test-getting-started-script:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install jq
-        run: sudo apt-get install -y jq
-
-      - name: Checkout code
-        uses: actions/checkout@v3
-
-      - name: handle insisting image   # remove after release
-        run: docker pull netbirdio/relay:latest || docker pull netbirdio/signal:latest && docker tag netbirdio/signal:latest netbirdio/relay:latest
-
-      - name: run script with Zitadel PostgreSQL
-        run: NETBIRD_DOMAIN=use-ip bash -x infrastructure_files/getting-started-with-zitadel.sh
-
-      - name: test Caddy file gen postgres
-        run: test -f Caddyfile
-
-      - name: test docker-compose file gen postgres
-        run: test -f docker-compose.yml
-
-      - name: test management.json file gen postgres
-        run: test -f management.json
-
-      - name: test turnserver.conf file gen postgres
-        run: |
-          set -x
-          test -f turnserver.conf
-          grep external-ip turnserver.conf
-
-      - name: test zitadel.env file gen postgres
-        run: test -f zitadel.env
-
-      - name: test dashboard.env file gen postgres
-        run: test -f dashboard.env
-
-      - name: test relay.env file gen postgres
-        run: test -f relay.env
-
-      - name: test zdb.env file gen postgres
-        run: test -f zdb.env
-
-      - name: Postgres run cleanup
-        run: |
-          docker compose down --volumes --rmi all
-          rm -rf docker-compose.yml Caddyfile zitadel.env dashboard.env machinekey/zitadel-admin-sa.token turnserver.conf management.json zdb.env
-
-      - name: handle insisting image  gen CockroachDB # remove after release
-        run: docker pull netbirdio/relay:latest || docker pull netbirdio/signal:latest && docker tag netbirdio/signal:latest netbirdio/relay:latest
-
-      - name: run script with Zitadel CockroachDB
-        run: bash -x infrastructure_files/getting-started-with-zitadel.sh
-        env:
-          NETBIRD_DOMAIN: use-ip
-          ZITADEL_DATABASE: cockroach
-
-      - name: test Caddy file gen CockroachDB
-        run: test -f Caddyfile
-
-      - name: test docker-compose file gen CockroachDB
-        run: test -f docker-compose.yml
-
-      - name: test management.json file gen CockroachDB
-        run: test -f management.json
-
-      - name: test turnserver.conf file gen CockroachDB
-        run: |
-          set -x
-          test -f turnserver.conf
-          grep external-ip turnserver.conf
-
-      - name: test zitadel.env file gen CockroachDB
-        run: test -f zitadel.env
-
-      - name: test dashboard.env file gen CockroachDB
-        run: test -f dashboard.env
-
-      - name: test relay.env file gen CockroachDB
-        run: test -f relay.env
--- a/.github/workflows/update-docs.yml
+++ b/.github/workflows/update-docs.yml
@@ -1,22 +0,0 @@
-name: update docs
-
-on:
-  push:
-    tags:
-      - 'v*'
-    paths:
-      - 'management/server/http/api/openapi.yml'
-
-jobs:
-  trigger_docs_api_update:
-    runs-on: ubuntu-latest
-    if: startsWith(github.ref, 'refs/tags/')
-    steps:
-      - name: Trigger API pages generation
-        uses: benc-uk/workflow-dispatch@v1
-        with:
-          workflow: generate api pages
-          repo: netbirdio/docs
-          ref: "refs/heads/main"
-          token: ${{ secrets.SIGN_GITHUB_TOKEN }}
-          inputs: '{ "tag": "${{ github.ref }}" }'
--- a/.gitignore
+++ b/.gitignore
@@ -29,3 +29,4 @@ infrastructure_files/setup.env
 infrastructure_files/setup-*.env
 .vscode
 .DS_Store
+GeoLite2-City*
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -80,20 +80,6 @@ builds:
      - -s -w -X github.com/netbirdio/netbird/version.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
    mod_timestamp: '{{ .CommitTimestamp }}'

-  - id: netbird-relay
-    dir: relay
-    env: [CGO_ENABLED=0]
-    binary: netbird-relay
-    goos:
-      - linux
-    goarch:
-      - amd64
-      - arm64
-      - arm
-    ldflags:
-      - -s -w -X github.com/netbirdio/netbird/version.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
-    mod_timestamp: '{{ .CommitTimestamp }}'
-
 archives:
  - builds:
      - netbird
@@ -175,52 +161,6 @@ dockers:
      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
      - "--label=org.opencontainers.image.version={{.Version}}"
      - "--label=maintainer=dev@netbird.io"
-  - image_templates:
-      - netbirdio/relay:{{ .Version }}-amd64
-    ids:
-      - netbird-relay
-    goarch: amd64
-    use: buildx
-    dockerfile: relay/Dockerfile
-    build_flag_templates:
-      - "--platform=linux/amd64"
-      - "--label=org.opencontainers.image.created={{.Date}}"
-      - "--label=org.opencontainers.image.title={{.ProjectName}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - "--label=maintainer=dev@netbird.io"
-  - image_templates:
-      - netbirdio/relay:{{ .Version }}-arm64v8
-    ids:
-      - netbird-relay
-    goarch: arm64
-    use: buildx
-    dockerfile: relay/Dockerfile
-    build_flag_templates:
-      - "--platform=linux/arm64"
-      - "--label=org.opencontainers.image.created={{.Date}}"
-      - "--label=org.opencontainers.image.title={{.ProjectName}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - "--label=maintainer=dev@netbird.io"
-  - image_templates:
-      - netbirdio/relay:{{ .Version }}-arm
-    ids:
-      - netbird-relay
-    goarch: arm
-    goarm: 6
-    use: buildx
-    dockerfile: relay/Dockerfile
-    build_flag_templates:
-      - "--platform=linux/arm"
-      - "--label=org.opencontainers.image.created={{.Date}}"
-      - "--label=org.opencontainers.image.title={{.ProjectName}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - "--label=org.opencontainers.image.revision={{.FullCommit}}"
-      - "--label=org.opencontainers.image.version={{.Version}}"
-      - "--label=maintainer=dev@netbird.io"
  - image_templates:
      - netbirdio/signal:{{ .Version }}-amd64
    ids:
@@ -373,18 +313,6 @@ docker_manifests:
      - netbirdio/netbird:{{ .Version }}-arm
      - netbirdio/netbird:{{ .Version }}-amd64

-  - name_template: netbirdio/relay:{{ .Version }}
-    image_templates:
-      - netbirdio/relay:{{ .Version }}-arm64v8
-      - netbirdio/relay:{{ .Version }}-arm
-      - netbirdio/relay:{{ .Version }}-amd64
-
-  - name_template: netbirdio/relay:latest
-    image_templates:
-      - netbirdio/relay:{{ .Version }}-arm64v8
-      - netbirdio/relay:{{ .Version }}-arm
-      - netbirdio/relay:{{ .Version }}-amd64
-
  - name_template: netbirdio/signal:{{ .Version }}
    image_templates:
      - netbirdio/signal:{{ .Version }}-arm64v8
@@ -458,4 +386,4 @@ checksum:
 release:
  extra_files:
    - glob: ./infrastructure_files/getting-started-with-zitadel.sh
-    - glob: ./release_files/install.sh
+    - glob: ./release_files/install.sh
--- a/.goreleaser_ui.yaml
+++ b/.goreleaser_ui.yaml
@@ -11,6 +11,8 @@ builds:
      - amd64
    ldflags:
      - -s -w -X github.com/netbirdio/netbird/version.version={{.Version}} -X main.commit={{.Commit}} -X main.date={{.CommitDate}} -X main.builtBy=goreleaser
+    tags:
+      - legacy_appindicator
    mod_timestamp: '{{ .CommitTimestamp }}'

  - id: netbird-ui-windows
--- a/README.md
+++ b/README.md
@@ -17,7 +17,7 @@
       <img src="https://img.shields.io/badge/license-BSD--3-blue" />
     </a> 
    <br>
-    <a href="https://join.slack.com/t/netbirdio/shared_invite/zt-2p5zwhm4g-8fHollzrQa5y4PZF5AEpvQ">
+    <a href="https://join.slack.com/t/netbirdio/shared_invite/zt-vrahf41g-ik1v7fV8du6t0RwxSrJ96A">
        <img src="https://img.shields.io/badge/slack-@netbird-red.svg?logo=slack"/>
     </a>    
  </p>
@@ -30,7 +30,7 @@
  <br/>
  See <a href="https://netbird.io/docs/">Documentation</a>
  <br/>
-   Join our <a href="https://join.slack.com/t/netbirdio/shared_invite/zt-2p5zwhm4g-8fHollzrQa5y4PZF5AEpvQ">Slack channel</a>
+   Join our <a href="https://join.slack.com/t/netbirdio/shared_invite/zt-vrahf41g-ik1v7fV8du6t0RwxSrJ96A">Slack channel</a>
  <br/>
 
 </strong>
--- a/client/Dockerfile
+++ b/client/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.20
+FROM alpine:3.19
 RUN apk add --no-cache ca-certificates iptables ip6tables
 ENV NB_FOREGROUND_MODE=true
 ENTRYPOINT [ "/usr/local/bin/netbird","up"]
--- a/client/android/login.go
+++ b/client/android/login.go
@@ -84,7 +84,7 @@ func (a *Auth) SaveConfigIfSSOSupported(listener SSOListener) {
 func (a *Auth) saveConfigIfSSOSupported() (bool, error) {
 	supportsSSO := true
 	err := a.withBackOff(a.ctx, func() (err error) {
-		_, err = internal.GetPKCEAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL, nil)
+		_, err = internal.GetPKCEAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL)
 		if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.NotFound || s.Code() == codes.Unimplemented) {
 			_, err = internal.GetDeviceAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL)
 			s, ok := gstatus.FromError(err)
--- a/client/cmd/down.go
+++ b/client/cmd/down.go
@@ -42,8 +42,6 @@ var downCmd = &cobra.Command{
 			log.Errorf("call service down method: %v", err)
 			return err
 		}
-
-		cmd.Println("Disconnected")
 		return nil
 	},
 }
--- a/client/cmd/login.go
+++ b/client/cmd/login.go
@@ -39,11 +39,6 @@ var loginCmd = &cobra.Command{
 			ctx = context.WithValue(ctx, system.DeviceNameCtxKey, hostName)
 		}

-		providedSetupKey, err := getSetupKey()
-		if err != nil {
-			return err
-		}
-
 		// workaround to run without service
 		if logFile == "console" {
 			err = handleRebrand(cmd)
@@ -67,7 +62,7 @@ var loginCmd = &cobra.Command{

 			config, _ = internal.UpdateOldManagementURL(ctx, config, configPath)

-			err = foregroundLogin(ctx, cmd, config, providedSetupKey)
+			err = foregroundLogin(ctx, cmd, config, setupKey)
 			if err != nil {
 				return fmt.Errorf("foreground login failed: %v", err)
 			}
@@ -86,7 +81,7 @@ var loginCmd = &cobra.Command{
 		client := proto.NewDaemonServiceClient(conn)

 		loginRequest := proto.LoginRequest{
-			SetupKey:             providedSetupKey,
+			SetupKey:             setupKey,
 			ManagementUrl:        managementURL,
 			IsLinuxDesktopClient: isLinuxRunningDesktop(),
 			Hostname:             hostName,
--- a/client/cmd/root.go
+++ b/client/cmd/root.go
@@ -56,7 +56,6 @@ var (
 	managementURL           string
 	adminURL                string
 	setupKey                string
-	setupKeyPath            string
 	hostName                string
 	preSharedKey            string
 	natExternalIPs          []string
@@ -129,8 +128,6 @@ func init() {
 	rootCmd.PersistentFlags().StringVarP(&logLevel, "log-level", "l", "info", "sets Netbird log level")
 	rootCmd.PersistentFlags().StringVar(&logFile, "log-file", defaultLogFile, "sets Netbird log path. If console is specified the log will be output to stdout. If syslog is specified the log will be sent to syslog daemon.")
 	rootCmd.PersistentFlags().StringVarP(&setupKey, "setup-key", "k", "", "Setup key obtained from the Management Service Dashboard (used to register peer)")
-	rootCmd.PersistentFlags().StringVar(&setupKeyPath, "setup-key-file", "", "The path to a setup key obtained from the Management Service Dashboard (used to register peer) This is ignored if the setup-key flag is provided.")
-	rootCmd.MarkFlagsMutuallyExclusive("setup-key", "setup-key-file")
 	rootCmd.PersistentFlags().StringVar(&preSharedKey, preSharedKeyFlag, "", "Sets Wireguard PreSharedKey property. If set, then only peers that have the same key can communicate.")
 	rootCmd.PersistentFlags().StringVarP(&hostName, "hostname", "n", "", "Sets a custom hostname for the device")
 	rootCmd.PersistentFlags().BoolVarP(&anonymizeFlag, "anonymize", "A", false, "anonymize IP addresses and non-netbird.io domains in logs and status output")
@@ -256,21 +253,6 @@ var CLIBackOffSettings = &backoff.ExponentialBackOff{
 	Clock:               backoff.SystemClock,
 }

-func getSetupKey() (string, error) {
-	if setupKeyPath != "" && setupKey == "" {
-		return getSetupKeyFromFile(setupKeyPath)
-	}
-	return setupKey, nil
-}
-
-func getSetupKeyFromFile(setupKeyPath string) (string, error) {
-	data, err := os.ReadFile(setupKeyPath)
-	if err != nil {
-		return "", fmt.Errorf("failed to read setup key file: %v", err)
-	}
-	return strings.TrimSpace(string(data)), nil
-}
-
 func handleRebrand(cmd *cobra.Command) error {
 	var err error
 	if logFile == defaultLogFile {
--- a/client/cmd/root_test.go
+++ b/client/cmd/root_test.go
@@ -4,10 +4,6 @@ import (
 	"fmt"
 	"io"
 	"testing"
-
-	"github.com/spf13/cobra"
-
-	"github.com/netbirdio/netbird/iface"
 )

 func TestInitCommands(t *testing.T) {
@@ -38,44 +34,3 @@ func TestInitCommands(t *testing.T) {
 		})
 	}
 }
-
-func TestSetFlagsFromEnvVars(t *testing.T) {
-	var cmd = &cobra.Command{
-		Use:          "netbird",
-		Long:         "test",
-		SilenceUsage: true,
-		Run: func(cmd *cobra.Command, args []string) {
-			SetFlagsFromEnvVars(cmd)
-		},
-	}
-
-	cmd.PersistentFlags().StringSliceVar(&natExternalIPs, externalIPMapFlag, nil,
-		`comma separated list of external IPs to map to the Wireguard interface`)
-	cmd.PersistentFlags().StringVar(&interfaceName, interfaceNameFlag, iface.WgInterfaceDefault, "Wireguard interface name")
-	cmd.PersistentFlags().BoolVar(&rosenpassEnabled, enableRosenpassFlag, false, "Enable Rosenpass feature Rosenpass.")
-	cmd.PersistentFlags().Uint16Var(&wireguardPort, wireguardPortFlag, iface.DefaultWgPort, "Wireguard interface listening port")
-
-	t.Setenv("NB_EXTERNAL_IP_MAP", "abc,dec")
-	t.Setenv("NB_INTERFACE_NAME", "test-name")
-	t.Setenv("NB_ENABLE_ROSENPASS", "true")
-	t.Setenv("NB_WIREGUARD_PORT", "10000")
-	err := cmd.Execute()
-	if err != nil {
-		t.Fatalf("expected no error while running netbird command, got %v", err)
-	}
-	if len(natExternalIPs) != 2 {
-		t.Errorf("expected 2 external ips, got %d", len(natExternalIPs))
-	}
-	if natExternalIPs[0] != "abc" || natExternalIPs[1] != "dec" {
-		t.Errorf("expected abc,dec, got %s,%s", natExternalIPs[0], natExternalIPs[1])
-	}
-	if interfaceName != "test-name" {
-		t.Errorf("expected test-name, got %s", interfaceName)
-	}
-	if !rosenpassEnabled {
-		t.Errorf("expected rosenpassEnabled to be true, got false")
-	}
-	if wireguardPort != 10000 {
-		t.Errorf("expected wireguardPort to be 10000, got %d", wireguardPort)
-	}
-}
--- a/client/cmd/service.go
+++ b/client/cmd/service.go
@@ -2,21 +2,18 @@ package cmd

 import (
 	"context"
-
 	"github.com/kardianos/service"
 	log "github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"google.golang.org/grpc"

 	"github.com/netbirdio/netbird/client/internal"
-	"github.com/netbirdio/netbird/client/server"
 )

 type program struct {
-	ctx            context.Context
-	cancel         context.CancelFunc
-	serv           *grpc.Server
-	serverInstance *server.Server
+	ctx    context.Context
+	cancel context.CancelFunc
+	serv   *grpc.Server
 }

 func newProgram(ctx context.Context, cancel context.CancelFunc) *program {
--- a/client/cmd/service_controller.go
+++ b/client/cmd/service_controller.go
@@ -61,8 +61,6 @@ func (p *program) Start(svc service.Service) error {
 		}
 		proto.RegisterDaemonServiceServer(p.serv, serverInstance)

-		p.serverInstance = serverInstance
-
 		log.Printf("started daemon server: %v", split[1])
 		if err := p.serv.Serve(listen); err != nil {
 			log.Errorf("failed to serve daemon requests: %v", err)
@@ -72,14 +70,6 @@ func (p *program) Start(svc service.Service) error {
 }

 func (p *program) Stop(srv service.Service) error {
-	if p.serverInstance != nil {
-		in := new(proto.DownRequest)
-		_, err := p.serverInstance.Down(p.ctx, in)
-		if err != nil {
-			log.Errorf("failed to stop daemon: %v", err)
-		}
-	}
-
 	p.cancel()

 	if p.serv != nil {
--- a/client/cmd/testutil_test.go
+++ b/client/cmd/testutil_test.go
@@ -11,7 +11,6 @@ import (
 	"go.opentelemetry.io/otel"

 	"github.com/netbirdio/netbird/management/server/activity"
-	"github.com/netbirdio/netbird/management/server/telemetry"

 	"github.com/netbirdio/netbird/util"

@@ -72,7 +71,6 @@ func startSignal(t *testing.T) (*grpc.Server, net.Listener) {

 func startManagement(t *testing.T, config *mgmt.Config) (*grpc.Server, net.Listener) {
 	t.Helper()
-
 	lis, err := net.Listen("tcp", ":0")
 	if err != nil {
 		t.Fatal(err)
@@ -90,17 +88,16 @@ func startManagement(t *testing.T, config *mgmt.Config) (*grpc.Server, net.Liste
 		return nil, nil
 	}
 	iv, _ := integrations.NewIntegratedValidator(context.Background(), eventStore)
-
-	metrics, err := telemetry.NewDefaultAppMetrics(context.Background())
-	require.NoError(t, err)
-
-	accountManager, err := mgmt.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, iv, metrics)
+	accountManager, err := mgmt.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, iv)
 	if err != nil {
 		t.Fatal(err)
 	}

-	secretsManager := mgmt.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig, config.Relay)
-	mgmtServer, err := mgmt.NewServer(context.Background(), config, accountManager, peersUpdateManager, secretsManager, nil, nil)
+	rc := &mgmt.RelayConfig{
+		Address: "localhost:0",
+	}
+	turnManager := mgmt.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig, rc)
+	mgmtServer, err := mgmt.NewServer(context.Background(), config, accountManager, peersUpdateManager, turnManager, nil, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/client/cmd/up.go
+++ b/client/cmd/up.go
@@ -147,11 +147,6 @@ func runInForegroundMode(ctx context.Context, cmd *cobra.Command) error {
 		ic.DNSRouteInterval = &dnsRouteInterval
 	}

-	providedSetupKey, err := getSetupKey()
-	if err != nil {
-		return err
-	}
-
 	config, err := internal.UpdateOrCreateConfig(ic)
 	if err != nil {
 		return fmt.Errorf("get config file: %v", err)
@@ -159,7 +154,7 @@ func runInForegroundMode(ctx context.Context, cmd *cobra.Command) error {

 	config, _ = internal.UpdateOldManagementURL(ctx, config, configPath)

-	err = foregroundLogin(ctx, cmd, config, providedSetupKey)
+	err = foregroundLogin(ctx, cmd, config, setupKey)
 	if err != nil {
 		return fmt.Errorf("foreground login failed: %v", err)
 	}
@@ -207,13 +202,8 @@ func runInDaemonMode(ctx context.Context, cmd *cobra.Command) error {
 		return nil
 	}

-	providedSetupKey, err := getSetupKey()
-	if err != nil {
-		return err
-	}
-
 	loginRequest := proto.LoginRequest{
-		SetupKey:             providedSetupKey,
+		SetupKey:             setupKey,
 		ManagementUrl:        managementURL,
 		AdminURL:             adminURL,
 		NatExternalIPs:       natExternalIPs,
--- a/client/cmd/up_daemon_test.go
+++ b/client/cmd/up_daemon_test.go
@@ -2,7 +2,6 @@ package cmd

 import (
 	"context"
-	"os"
 	"testing"
 	"time"

@@ -41,36 +40,6 @@ func TestUpDaemon(t *testing.T) {
 		return
 	}

-	// Test the setup-key-file flag.
-	tempFile, err := os.CreateTemp("", "setup-key")
-	if err != nil {
-		t.Errorf("could not create temp file, got error %v", err)
-		return
-	}
-	defer os.Remove(tempFile.Name())
-	if _, err := tempFile.Write([]byte("A2C8E62B-38F5-4553-B31E-DD66C696CEBB")); err != nil {
-		t.Errorf("could not write to temp file, got error %v", err)
-		return
-	}
-	if err := tempFile.Close(); err != nil {
-		t.Errorf("unable to close file, got error %v", err)
-	}
-	rootCmd.SetArgs([]string{
-		"login",
-		"--daemon-addr", "tcp://" + cliAddr,
-		"--setup-key-file", tempFile.Name(),
-		"--log-file", "",
-	})
-	if err := rootCmd.Execute(); err != nil {
-		t.Errorf("expected no error while running up command, got %v", err)
-		return
-	}
-	time.Sleep(time.Second * 3)
-	if status, err := state.Status(); err != nil && status != internal.StatusIdle {
-		t.Errorf("wrong status after login: %s, %v", internal.StatusIdle, err)
-		return
-	}
-
 	rootCmd.SetArgs([]string{
 		"up",
 		"--daemon-addr", "tcp://" + cliAddr,
--- a/client/internal/auth/device_flow.go
+++ b/client/internal/auth/device_flow.go
@@ -3,7 +3,6 @@ package auth
 import (
 	"context"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -181,7 +180,7 @@ func (d *DeviceAuthorizationFlow) WaitToken(ctx context.Context, info AuthFlowIn
 					continue
 				}

-				return TokenInfo{}, errors.New(tokenResponse.ErrorDescription)
+				return TokenInfo{}, fmt.Errorf(tokenResponse.ErrorDescription)
 			}

 			tokenInfo := TokenInfo{
--- a/client/internal/auth/oauth.go
+++ b/client/internal/auth/oauth.go
@@ -86,7 +86,7 @@ func NewOAuthFlow(ctx context.Context, config *internal.Config, isLinuxDesktopCl

 // authenticateWithPKCEFlow initializes the Proof Key for Code Exchange flow auth flow
 func authenticateWithPKCEFlow(ctx context.Context, config *internal.Config) (OAuthFlow, error) {
-	pkceFlowInfo, err := internal.GetPKCEAuthorizationFlowInfo(ctx, config.PrivateKey, config.ManagementURL, config.ClientCertKeyPair)
+	pkceFlowInfo, err := internal.GetPKCEAuthorizationFlowInfo(ctx, config.PrivateKey, config.ManagementURL)
 	if err != nil {
 		return nil, fmt.Errorf("getting pkce authorization flow info failed with error: %v", err)
 	}
--- a/client/internal/auth/pkce_flow.go
+++ b/client/internal/auth/pkce_flow.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto/sha256"
 	"crypto/subtle"
-	"crypto/tls"
 	"encoding/base64"
 	"errors"
 	"fmt"
@@ -144,18 +143,6 @@ func (p *PKCEAuthorizationFlow) WaitToken(ctx context.Context, _ AuthFlowInfo) (
 func (p *PKCEAuthorizationFlow) startServer(server *http.Server, tokenChan chan<- *oauth2.Token, errChan chan<- error) {
 	mux := http.NewServeMux()
 	mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
-		cert := p.providerConfig.ClientCertPair
-		if cert != nil {
-			tr := &http.Transport{
-				TLSClientConfig: &tls.Config{
-					Certificates: []tls.Certificate{*cert},
-				},
-			}
-			sslClient := &http.Client{Transport: tr}
-			ctx := context.WithValue(req.Context(), oauth2.HTTPClient, sslClient)
-			req = req.WithContext(ctx)
-		}
-
 		token, err := p.handleRequest(req)
 		if err != nil {
 			renderPKCEFlowTmpl(w, err)
--- a/client/internal/config.go
+++ b/client/internal/config.go
@@ -2,7 +2,6 @@ package internal

 import (
 	"context"
-	"crypto/tls"
 	"fmt"
 	"net/url"
 	"os"
@@ -58,8 +57,6 @@ type ConfigInput struct {
 	DisableAutoConnect  *bool
 	ExtraIFaceBlackList []string
 	DNSRouteInterval    *time.Duration
-	ClientCertPath      string
-	ClientCertKeyPath   string
 }

 // Config Configuration type
@@ -105,13 +102,6 @@ type Config struct {

 	// DNSRouteInterval is the interval in which the DNS routes are updated
 	DNSRouteInterval time.Duration
-	//Path to a certificate used for mTLS authentication
-	ClientCertPath string
-
-	//Path to corresponding private key of ClientCertPath
-	ClientCertKeyPath string
-
-	ClientCertKeyPair *tls.Certificate `json:"-"`
 }

 // ReadConfig read config file and return with Config. If it is not exists create a new with default values
@@ -395,26 +385,6 @@ func (config *Config) apply(input ConfigInput) (updated bool, err error) {

 	}

-	if input.ClientCertKeyPath != "" {
-		config.ClientCertKeyPath = input.ClientCertKeyPath
-		updated = true
-	}
-
-	if input.ClientCertPath != "" {
-		config.ClientCertPath = input.ClientCertPath
-		updated = true
-	}
-
-	if config.ClientCertPath != "" && config.ClientCertKeyPath != "" {
-		cert, err := tls.LoadX509KeyPair(config.ClientCertPath, config.ClientCertKeyPath)
-		if err != nil {
-			log.Error("Failed to load mTLS cert/key pair: ", err)
-		} else {
-			config.ClientCertKeyPair = &cert
-			log.Info("Loaded client mTLS cert/key pair")
-		}
-	}
-
 	return updated, nil
 }

--- a/client/internal/connect.go
+++ b/client/internal/connect.go
@@ -57,15 +57,17 @@ func NewConnectClient(

 // Run with main logic.
 func (c *ConnectClient) Run() error {
-	return c.run(MobileDependency{}, nil, nil)
+	return c.run(MobileDependency{}, nil, nil, nil, nil)
 }

 // RunWithProbes runs the client's main logic with probes attached
 func (c *ConnectClient) RunWithProbes(
-	probes *ProbeHolder,
-	runningChan chan error,
+	mgmProbe *Probe,
+	signalProbe *Probe,
+	relayProbe *Probe,
+	wgProbe *Probe,
 ) error {
-	return c.run(MobileDependency{}, probes, runningChan)
+	return c.run(MobileDependency{}, mgmProbe, signalProbe, relayProbe, wgProbe)
 }

 // RunOnAndroid with main logic on mobile system
@@ -84,7 +86,7 @@ func (c *ConnectClient) RunOnAndroid(
 		HostDNSAddresses:      dnsAddresses,
 		DnsReadyListener:      dnsReadyListener,
 	}
-	return c.run(mobileDependency, nil, nil)
+	return c.run(mobileDependency, nil, nil, nil, nil)
 }

 func (c *ConnectClient) RunOniOS(
@@ -100,13 +102,15 @@ func (c *ConnectClient) RunOniOS(
 		NetworkChangeListener: networkChangeListener,
 		DnsManager:            dnsManager,
 	}
-	return c.run(mobileDependency, nil, nil)
+	return c.run(mobileDependency, nil, nil, nil, nil)
 }

 func (c *ConnectClient) run(
 	mobileDependency MobileDependency,
-	probes *ProbeHolder,
-	runningChan chan error,
+	mgmProbe *Probe,
+	signalProbe *Probe,
+	relayProbe *Probe,
+	wgProbe *Probe,
 ) error {
 	defer func() {
 		if r := recover(); r != nil {
@@ -194,7 +198,6 @@ func (c *ConnectClient) run(
 			log.Debug(err)
 			if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.PermissionDenied) {
 				state.Set(StatusNeedsLogin)
-				_ = c.Stop()
 				return backoff.Permanent(wrapErr(err)) // unrecoverable error
 			}
 			return wrapErr(err)
@@ -239,16 +242,13 @@ func (c *ConnectClient) run(

 		c.statusRecorder.MarkSignalConnected()

-		relayURLs, token := parseRelayInfo(loginResp)
-		relayManager := relayClient.NewManager(engineCtx, relayURLs, myPrivateKey.PublicKey().String())
-		if len(relayURLs) > 0 {
+		relayURL, token := parseRelayInfo(loginResp)
+		relayManager := relayClient.NewManager(engineCtx, relayURL, myPrivateKey.PublicKey().String())
+		if relayURL != "" {
 			if token != nil {
-				if err := relayManager.UpdateToken(token); err != nil {
-					log.Errorf("failed to update token: %s", err)
-					return wrapErr(err)
-				}
+				relayManager.UpdateToken(token)
 			}
-			log.Infof("connecting to the Relay service(s): %s", strings.Join(relayURLs, ", "))
+			log.Infof("connecting to the Relay service %s", relayURL)
 			if err = relayManager.Serve(); err != nil {
 				log.Error(err)
 				return wrapErr(err)
@@ -267,8 +267,7 @@ func (c *ConnectClient) run(
 		checks := loginResp.GetChecks()

 		c.engineMutex.Lock()
-		c.engine = NewEngineWithProbes(engineCtx, cancel, signalClient, mgmClient, relayManager, engineConfig, mobileDependency, c.statusRecorder, probes, checks)
-
+		c.engine = NewEngineWithProbes(engineCtx, cancel, signalClient, mgmClient, relayManager, engineConfig, mobileDependency, c.statusRecorder, mgmProbe, signalProbe, relayProbe, wgProbe, checks)
 		c.engineMutex.Unlock()

 		if err := c.engine.Start(); err != nil {
@@ -279,16 +278,17 @@ func (c *ConnectClient) run(
 		log.Infof("Netbird engine started, the IP is: %s", peerConfig.GetAddress())
 		state.Set(StatusConnected)

-		if runningChan != nil {
-			runningChan <- nil
-			close(runningChan)
-		}
-
 		<-engineCtx.Done()
 		c.statusRecorder.ClientTeardown()

 		backOff.Reset()

+		err = c.engine.Stop()
+		if err != nil {
+			log.Errorf("failed stopping engine %v", err)
+			return wrapErr(err)
+		}
+
 		log.Info("stopped NetBird client")

 		if _, err := state.Status(); errors.Is(err, ErrResetConnection) {
@@ -304,31 +304,32 @@ func (c *ConnectClient) run(
 		log.Debugf("exiting client retry loop due to unrecoverable error: %s", err)
 		if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.PermissionDenied) {
 			state.Set(StatusNeedsLogin)
-			_ = c.Stop()
 		}
 		return err
 	}
 	return nil
 }

-func parseRelayInfo(loginResp *mgmProto.LoginResponse) ([]string, *hmac.Token) {
-	relayCfg := loginResp.GetWiretrusteeConfig().GetRelay()
-	if relayCfg == nil {
-		return nil, nil
+func parseRelayInfo(resp *mgmProto.LoginResponse) (string, *hmac.Token) {
+	msg := resp.GetWiretrusteeConfig().GetRelay()
+	if msg == nil {
+		return "", nil
+	}
+
+	var url string
+	if msg.GetUrls() != nil && len(msg.GetUrls()) > 0 {
+		url = msg.GetUrls()[0]
 	}

 	token := &hmac.Token{
-		Payload:   relayCfg.GetTokenPayload(),
-		Signature: relayCfg.GetTokenSignature(),
+		Payload:   msg.GetTokenPayload(),
+		Signature: msg.GetTokenSignature(),
 	}

-	return relayCfg.GetUrls(), token
+	return url, token
 }

 func (c *ConnectClient) Engine() *Engine {
-	if c == nil {
-		return nil
-	}
 	var e *Engine
 	c.engineMutex.Lock()
 	e = c.engine
@@ -336,19 +337,6 @@ func (c *ConnectClient) Engine() *Engine {
 	return e
 }

-func (c *ConnectClient) Stop() error {
-	if c == nil {
-		return nil
-	}
-	c.engineMutex.Lock()
-	defer c.engineMutex.Unlock()
-
-	if c.engine == nil {
-		return nil
-	}
-	return c.engine.Stop()
-}
-
 func (c *ConnectClient) isContextCancelled() bool {
 	select {
 	case <-c.ctx.Done():
@@ -448,43 +436,19 @@ func statusRecorderToSignalConnStateNotifier(statusRecorder *peer.Status) signal
 	return notifier
 }

-// freePort attempts to determine if the provided port is available, if not it will ask the system for a free port.
-func freePort(initPort int) (int, error) {
+func freePort(start int) (int, error) {
 	addr := net.UDPAddr{}
-	if initPort == 0 {
-		initPort = iface.DefaultWgPort
+	if start == 0 {
+		start = iface.DefaultWgPort
 	}
-
-	addr.Port = initPort
-
-	conn, err := net.ListenUDP("udp", &addr)
-	if err == nil {
-		closeConnWithLog(conn)
-		return initPort, nil
-	}
-
-	// if the port is already in use, ask the system for a free port
-	addr.Port = 0
-	conn, err = net.ListenUDP("udp", &addr)
-	if err != nil {
-		return 0, fmt.Errorf("unable to get a free port: %v", err)
-	}
-
-	udpAddr, ok := conn.LocalAddr().(*net.UDPAddr)
-	if !ok {
-		return 0, errors.New("wrong address type when getting a free port")
-	}
-	closeConnWithLog(conn)
-	return udpAddr.Port, nil
-}
-
-func closeConnWithLog(conn *net.UDPConn) {
-	startClosing := time.Now()
-	err := conn.Close()
-	if err != nil {
-		log.Warnf("closing probe port %d failed: %v. NetBird will still attempt to use this port for connection.", conn.LocalAddr().(*net.UDPAddr).Port, err)
-	}
-	if time.Since(startClosing) > time.Second {
-		log.Warnf("closing the testing port %d took %s. Usually it is safe to ignore, but continuous warnings may indicate a problem.", conn.LocalAddr().(*net.UDPAddr).Port, time.Since(startClosing))
+	for x := start; x <= 65535; x++ {
+		addr.Port = x
+		conn, err := net.ListenUDP("udp", &addr)
+		if err != nil {
+			continue
+		}
+		conn.Close()
+		return x, nil
 	}
+	return 0, errors.New("no free ports")
 }
--- a/client/internal/connect_test.go
+++ b/client/internal/connect_test.go
@@ -7,55 +7,51 @@ import (

 func Test_freePort(t *testing.T) {
 	tests := []struct {
-		name        string
-		port        int
-		want        int
-		shouldMatch bool
+		name    string
+		port    int
+		want    int
+		wantErr bool
 	}{
 		{
-			name:        "not provided, fallback to default",
-			port:        0,
-			want:        51820,
-			shouldMatch: true,
+			name:    "available",
+			port:    51820,
+			want:    51820,
+			wantErr: false,
 		},
 		{
-			name:        "provided and available",
-			port:        51821,
-			want:        51821,
-			shouldMatch: true,
+			name:    "notavailable",
+			port:    51830,
+			want:    51831,
+			wantErr: false,
 		},
 		{
-			name:        "provided and not available",
-			port:        51830,
-			want:        51830,
-			shouldMatch: false,
+			name:    "noports",
+			port:    65535,
+			want:    0,
+			wantErr: true,
 		},
 	}
-	c1, err := net.ListenUDP("udp", &net.UDPAddr{Port: 51830})
-	if err != nil {
-		t.Errorf("freePort error = %v", err)
-	}
-	defer func(c1 *net.UDPConn) {
-		_ = c1.Close()
-	}(c1)
-
 	for _, tt := range tests {

+		c1, err := net.ListenUDP("udp", &net.UDPAddr{Port: 51830})
+		if err != nil {
+			t.Errorf("freePort error = %v", err)
+		}
+		c2, err := net.ListenUDP("udp", &net.UDPAddr{Port: 65535})
+		if err != nil {
+			t.Errorf("freePort error = %v", err)
+		}
 		t.Run(tt.name, func(t *testing.T) {
 			got, err := freePort(tt.port)
-
-			if err != nil {
-				t.Errorf("got an error while getting free port: %v", err)
+			if (err != nil) != tt.wantErr {
+				t.Errorf("freePort() error = %v, wantErr %v", err, tt.wantErr)
+				return
 			}
-
-			if tt.shouldMatch && got != tt.want {
-				t.Errorf("got a different port %v, want %v", got, tt.want)
-			}
-
-			if !tt.shouldMatch && got == tt.want {
-				t.Errorf("got the same port %v, want a different port", tt.want)
+			if got != tt.want {
+				t.Errorf("freePort() = %v, want %v", got, tt.want)
 			}
 		})
-
+		c1.Close()
+		c2.Close()
 	}
 }
--- a/client/internal/engine.go
+++ b/client/internal/engine.go
@@ -128,7 +128,7 @@ type Engine struct {
 	STUNs []*stun.URI
 	// TURNs is a list of STUN servers used by ICE
 	TURNs    []*stun.URI
-	stunTurn atomic.Value
+	StunTurn atomic.Value

 	// clientRoutes is the most recent list of clientRoutes received from the Management Service
 	clientRoutes   route.HAMap
@@ -161,7 +161,10 @@ type Engine struct {

 	dnsServer dns.Server

-	probes *ProbeHolder
+	mgmProbe    *Probe
+	signalProbe *Probe
+	relayProbe  *Probe
+	wgProbe     *Probe

 	// checks are the client-applied posture checks that need to be evaluated on the client
 	checks []*mgmProto.Checks
@@ -197,6 +200,9 @@ func NewEngine(
 		mobileDep,
 		statusRecorder,
 		nil,
+		nil,
+		nil,
+		nil,
 		checks,
 	)
 }
@@ -211,7 +217,10 @@ func NewEngineWithProbes(
 	config *EngineConfig,
 	mobileDep MobileDependency,
 	statusRecorder *peer.Status,
-	probes *ProbeHolder,
+	mgmProbe *Probe,
+	signalProbe *Probe,
+	relayProbe *Probe,
+	wgProbe *Probe,
 	checks []*mgmProto.Checks,
 ) *Engine {
 	return &Engine{
@@ -230,20 +239,22 @@ func NewEngineWithProbes(
 		networkSerial:  0,
 		sshServerFunc:  nbssh.DefaultSSHServer,
 		statusRecorder: statusRecorder,
-		probes:         probes,
+		mgmProbe:       mgmProbe,
+		signalProbe:    signalProbe,
+		relayProbe:     relayProbe,
+		wgProbe:        wgProbe,
 		checks:         checks,
 	}
 }

 func (e *Engine) Stop() error {
-	if e == nil {
-		// this seems to be a very odd case but there was the possibility if the netbird down command comes before the engine is fully started
-		log.Debugf("tried stopping engine that is nil")
-		return nil
-	}
 	e.syncMsgMux.Lock()
 	defer e.syncMsgMux.Unlock()

+	if e.cancel != nil {
+		e.cancel()
+	}
+
 	// stopping network monitor first to avoid starting the engine again
 	if e.networkMonitor != nil {
 		e.networkMonitor.Stop()
@@ -252,17 +263,13 @@ func (e *Engine) Stop() error {

 	err := e.removeAllPeers()
 	if err != nil {
-		return fmt.Errorf("failed to remove all peers: %s", err)
+		return err
 	}

 	e.clientRoutesMu.Lock()
 	e.clientRoutes = nil
 	e.clientRoutesMu.Unlock()

-	if e.cancel != nil {
-		e.cancel()
-	}
-
 	// very ugly but we want to remove peers from the WireGuard interface first before removing interface.
 	// Removing peers happens in the conn.Close() asynchronously
 	time.Sleep(500 * time.Millisecond)
@@ -318,7 +325,7 @@ func (e *Engine) Start() error {
 	}
 	e.dnsServer = dnsServer

-	e.routeManager = routemanager.NewManager(e.ctx, e.config.WgPrivateKey.PublicKey().String(), e.config.DNSRouteInterval, e.wgInterface, e.statusRecorder, e.relayManager, initialRoutes)
+	e.routeManager = routemanager.NewManager(e.ctx, e.config.WgPrivateKey.PublicKey().String(), e.config.DNSRouteInterval, e.wgInterface, e.statusRecorder, initialRoutes)
 	beforePeerHook, afterPeerHook, err := e.routeManager.Init()
 	if err != nil {
 		log.Errorf("Failed to initialize route manager: %s", err)
@@ -480,18 +487,18 @@ func (e *Engine) handleSync(update *mgmProto.SyncResponse) error {
 		wCfg := update.GetWiretrusteeConfig()
 		err := e.updateTURNs(wCfg.GetTurns())
 		if err != nil {
-			return fmt.Errorf("update TURNs: %w", err)
+			return err
 		}

 		err = e.updateSTUNs(wCfg.GetStuns())
 		if err != nil {
-			return fmt.Errorf("update STUNs: %w", err)
+			return err
 		}

 		var stunTurn []*stun.URI
 		stunTurn = append(stunTurn, e.STUNs...)
 		stunTurn = append(stunTurn, e.TURNs...)
-		e.stunTurn.Store(stunTurn)
+		e.StunTurn.Store(stunTurn)

 		relayMsg := wCfg.GetRelay()
 		if relayMsg != nil {
@@ -499,10 +506,7 @@ func (e *Engine) handleSync(update *mgmProto.SyncResponse) error {
 				Payload:   relayMsg.GetTokenPayload(),
 				Signature: relayMsg.GetTokenSignature(),
 			}
-			if err := e.relayManager.UpdateToken(c); err != nil {
-				log.Errorf("failed to update relay token: %v", err)
-				return fmt.Errorf("update relay token: %w", err)
-			}
+			e.relayManager.UpdateToken(c)
 		}

 		// todo update relay address in the relay manager
@@ -948,7 +952,7 @@ func (e *Engine) createPeerConn(pubKey string, allowedIPs string) (*peer.Conn, e
 		RosenpassPubKey: e.getRosenpassPubKey(),
 		RosenpassAddr:   e.getRosenpassAddr(),
 		ICEConfig: peer.ICEConfig{
-			StunTurn:             &e.stunTurn,
+			StunTurn:             e.StunTurn,
 			InterfaceBlackList:   e.config.IFaceBlackList,
 			DisableIPv6Discovery: e.config.DisableIPv6Discovery,
 			UDPMux:               e.udpMux.UDPMuxDefault,
@@ -1291,27 +1295,24 @@ func (e *Engine) getRosenpassAddr() string {
 }

 func (e *Engine) receiveProbeEvents() {
-	if e.probes == nil {
-		return
-	}
-	if e.probes.SignalProbe != nil {
-		go e.probes.SignalProbe.Receive(e.ctx, func() bool {
+	if e.signalProbe != nil {
+		go e.signalProbe.Receive(e.ctx, func() bool {
 			healthy := e.signal.IsHealthy()
 			log.Debugf("received signal probe request, healthy: %t", healthy)
 			return healthy
 		})
 	}

-	if e.probes.MgmProbe != nil {
-		go e.probes.MgmProbe.Receive(e.ctx, func() bool {
+	if e.mgmProbe != nil {
+		go e.mgmProbe.Receive(e.ctx, func() bool {
 			healthy := e.mgmClient.IsHealthy()
 			log.Debugf("received management probe request, healthy: %t", healthy)
 			return healthy
 		})
 	}

-	if e.probes.RelayProbe != nil {
-		go e.probes.RelayProbe.Receive(e.ctx, func() bool {
+	if e.relayProbe != nil {
+		go e.relayProbe.Receive(e.ctx, func() bool {
 			healthy := true

 			results := append(e.probeSTUNs(), e.probeTURNs()...)
@@ -1330,8 +1331,8 @@ func (e *Engine) receiveProbeEvents() {
 		})
 	}

-	if e.probes.WgProbe != nil {
-		go e.probes.WgProbe.Receive(e.ctx, func() bool {
+	if e.wgProbe != nil {
+		go e.wgProbe.Receive(e.ctx, func() bool {
 			log.Debug("received wg probe request")

 			for _, peer := range e.peerConns {
@@ -1427,3 +1428,20 @@ func isChecksEqual(checks []*mgmProto.Checks, oChecks []*mgmProto.Checks) bool {
 		return slices.Equal(checks.Files, oChecks.Files)
 	})
 }
+
+func (e *Engine) IsWGIfaceUp() bool {
+	if e == nil || e.wgInterface == nil {
+		return false
+	}
+	iface, err := net.InterfaceByName(e.wgInterface.Name())
+	if err != nil {
+		log.Debugf("failed to get interface by name %s: %v", e.wgInterface.Name(), err)
+		return false
+	}
+
+	if iface.Flags&net.FlagUp != 0 {
+		return true
+	}
+
+	return false
+}
--- a/client/internal/engine_test.go
+++ b/client/internal/engine_test.go
@@ -13,7 +13,6 @@ import (
 	"testing"
 	"time"

-	"github.com/google/uuid"
 	"github.com/pion/transport/v3/stdnet"
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
@@ -37,7 +36,6 @@ import (
 	mgmtProto "github.com/netbirdio/netbird/management/proto"
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/activity"
-	"github.com/netbirdio/netbird/management/server/telemetry"
 	relayClient "github.com/netbirdio/netbird/relay/client"
 	"github.com/netbirdio/netbird/route"
 	signal "github.com/netbirdio/netbird/signal/client"
@@ -81,7 +79,7 @@ func TestEngine_SSH(t *testing.T) {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()

-	relayMgr := relayClient.NewManager(ctx, nil, key.PublicKey().String())
+	relayMgr := relayClient.NewManager(ctx, "", key.PublicKey().String())
 	engine := NewEngine(
 		ctx, cancel,
 		&signal.MockClient{},
@@ -226,7 +224,7 @@ func TestEngine_UpdateNetworkMap(t *testing.T) {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()

-	relayMgr := relayClient.NewManager(ctx, nil, key.PublicKey().String())
+	relayMgr := relayClient.NewManager(ctx, "", key.PublicKey().String())
 	engine := NewEngine(
 		ctx, cancel,
 		&signal.MockClient{},
@@ -248,7 +246,7 @@ func TestEngine_UpdateNetworkMap(t *testing.T) {
 		},
 	}
 	engine.wgInterface = wgIface
-	engine.routeManager = routemanager.NewManager(ctx, key.PublicKey().String(), time.Minute, engine.wgInterface, engine.statusRecorder, relayMgr, nil)
+	engine.routeManager = routemanager.NewManager(ctx, key.PublicKey().String(), time.Minute, engine.wgInterface, engine.statusRecorder, nil)
 	engine.dnsServer = &dns.MockServer{
 		UpdateDNSServerFunc: func(serial uint64, update nbdns.Config) error { return nil },
 	}
@@ -430,7 +428,7 @@ func TestEngine_Sync(t *testing.T) {
 		}
 		return nil
 	}
-	relayMgr := relayClient.NewManager(ctx, nil, key.PublicKey().String())
+	relayMgr := relayClient.NewManager(ctx, "", key.PublicKey().String())
 	engine := NewEngine(ctx, cancel, &signal.MockClient{}, &mgmt.MockClient{SyncFunc: syncFunc}, relayMgr, &EngineConfig{
 		WgIfaceName:  "utun103",
 		WgAddr:       "100.64.0.1/24",
@@ -590,7 +588,7 @@ func TestEngine_UpdateNetworkMapWithRoutes(t *testing.T) {
 			wgIfaceName := fmt.Sprintf("utun%d", 104+n)
 			wgAddr := fmt.Sprintf("100.66.%d.1/24", n)

-			relayMgr := relayClient.NewManager(ctx, nil, key.PublicKey().String())
+			relayMgr := relayClient.NewManager(ctx, "", key.PublicKey().String())
 			engine := NewEngine(ctx, cancel, &signal.MockClient{}, &mgmt.MockClient{}, relayMgr, &EngineConfig{
 				WgIfaceName:  wgIfaceName,
 				WgAddr:       wgAddr,
@@ -761,7 +759,7 @@ func TestEngine_UpdateNetworkMapWithDNSUpdate(t *testing.T) {
 			wgIfaceName := fmt.Sprintf("utun%d", 104+n)
 			wgAddr := fmt.Sprintf("100.66.%d.1/24", n)

-			relayMgr := relayClient.NewManager(ctx, nil, key.PublicKey().String())
+			relayMgr := relayClient.NewManager(ctx, "", key.PublicKey().String())
 			engine := NewEngine(ctx, cancel, &signal.MockClient{}, &mgmt.MockClient{}, relayMgr, &EngineConfig{
 				WgIfaceName:  wgIfaceName,
 				WgAddr:       wgAddr,
@@ -873,8 +871,6 @@ func TestEngine_MultiplePeers(t *testing.T) {
 			engine.dnsServer = &dns.MockServer{}
 			mu.Lock()
 			defer mu.Unlock()
-			guid := fmt.Sprintf("{%s}", uuid.New().String())
-			iface.CustomWindowsGUIDString = strings.ToLower(guid)
 			err = engine.Start()
 			if err != nil {
 				t.Errorf("unable to start engine for peer %d with error %v", j, err)
@@ -1040,7 +1036,7 @@ func createEngine(ctx context.Context, cancel context.CancelFunc, setupKey strin
 		WgPort:       wgPort,
 	}

-	relayMgr := relayClient.NewManager(ctx, nil, key.PublicKey().String())
+	relayMgr := relayClient.NewManager(ctx, "", key.PublicKey().String())
 	e, err := NewEngine(ctx, cancel, signalClient, mgmtClient, relayMgr, conf, MobileDependency{}, peer.NewRecorder("https://mgm"), nil), nil
 	e.ctx = ctx
 	return e, err
@@ -1075,11 +1071,6 @@ func startManagement(t *testing.T, dataDir string) (*grpc.Server, string, error)
 	config := &server.Config{
 		Stuns:      []*server.Host{},
 		TURNConfig: &server.TURNConfig{},
-		Relay: &server.Relay{
-			Addresses:      []string{"127.0.0.1:1234"},
-			CredentialsTTL: util.Duration{Duration: time.Hour},
-			Secret:         "222222222222222222",
-		},
 		Signal: &server.Host{
 			Proto: "http",
 			URI:   "localhost:10000",
@@ -1106,17 +1097,15 @@ func startManagement(t *testing.T, dataDir string) (*grpc.Server, string, error)
 		return nil, "", err
 	}
 	ia, _ := integrations.NewIntegratedValidator(context.Background(), eventStore)
-
-	metrics, err := telemetry.NewDefaultAppMetrics(context.Background())
-	require.NoError(t, err)
-
-	accountManager, err := server.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, ia, metrics)
+	accountManager, err := server.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, ia)
 	if err != nil {
 		return nil, "", err
 	}
-
-	secretsManager := server.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig, config.Relay)
-	mgmtServer, err := server.NewServer(context.Background(), config, accountManager, peersUpdateManager, secretsManager, nil, nil)
+	rc := &server.RelayConfig{
+		Address: "127.0.0.1:1234",
+	}
+	turnManager := server.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig, rc)
+	mgmtServer, err := server.NewServer(context.Background(), config, accountManager, peersUpdateManager, turnManager, nil, nil)
 	if err != nil {
 		return nil, "", err
 	}
--- a/client/internal/networkmonitor/monitor_bsd.go
+++ b/client/internal/networkmonitor/monitor_bsd.go
@@ -65,7 +65,7 @@ func checkChange(ctx context.Context, nexthopv4, nexthopv6 systemops.Nexthop, ca
 					continue
 				}

-				if route.Dst.Bits() != 0 {
+				if !route.Dst.Addr().IsUnspecified() {
 					continue
 				}

--- a/client/internal/networkmonitor/monitor_generic.go
+++ b/client/internal/networkmonitor/monitor_generic.go
@@ -59,7 +59,7 @@ func (nw *NetworkMonitor) Start(ctx context.Context, callback func()) (err error
 	// recover in case sys ops panic
 	defer func() {
 		if r := recover(); r != nil {
-			err = fmt.Errorf("panic occurred: %v, stack trace: %s", r, debug.Stack())
+			err = fmt.Errorf("panic occurred: %v, stack trace: %s", r, string(debug.Stack()))
 		}
 	}()

--- a/client/internal/networkmonitor/monitor_windows.go
+++ b/client/internal/networkmonitor/monitor_windows.go
@@ -3,73 +3,252 @@ package networkmonitor
 import (
 	"context"
 	"fmt"
+	"net"
+	"net/netip"
 	"strings"
+	"time"

 	log "github.com/sirupsen/logrus"

 	"github.com/netbirdio/netbird/client/internal/routemanager/systemops"
 )

+const (
+	unreachable = 0
+	incomplete  = 1
+	probe       = 2
+	delay       = 3
+	stale       = 4
+	reachable   = 5
+	permanent   = 6
+	tbd         = 7
+)
+
+const interval = 10 * time.Second
+
 func checkChange(ctx context.Context, nexthopv4, nexthopv6 systemops.Nexthop, callback func()) error {
-	routeMonitor, err := systemops.NewRouteMonitor(ctx)
-	if err != nil {
-		return fmt.Errorf("failed to create route monitor: %w", err)
-	}
-	defer func() {
-		if err := routeMonitor.Stop(); err != nil {
-			log.Errorf("Network monitor: failed to stop route monitor: %v", err)
+	var neighborv4, neighborv6 *systemops.Neighbor
+	{
+		initialNeighbors, err := getNeighbors()
+		if err != nil {
+			return fmt.Errorf("get neighbors: %w", err)
 		}
-	}()
+
+		neighborv4 = assignNeighbor(nexthopv4, initialNeighbors)
+		neighborv6 = assignNeighbor(nexthopv6, initialNeighbors)
+	}
+	log.Debugf("Network monitor: initial IPv4 neighbor: %v, IPv6 neighbor: %v", neighborv4, neighborv6)
+
+	ticker := time.NewTicker(interval)
+	defer ticker.Stop()

 	for {
 		select {
 		case <-ctx.Done():
 			return ErrStopped
-		case route := <-routeMonitor.RouteUpdates():
-			if route.Destination.Bits() != 0 {
-				continue
-			}
-
-			if routeChanged(route, nexthopv4, nexthopv6, callback) {
-				break
+		case <-ticker.C:
+			if changed(nexthopv4, neighborv4, nexthopv6, neighborv6) {
+				go callback()
+				return nil
 			}
 		}
 	}
 }

-func routeChanged(route systemops.RouteUpdate, nexthopv4, nexthopv6 systemops.Nexthop, callback func()) bool {
-	intf := "<nil>"
-	if route.Interface != nil {
-		intf = route.Interface.Name
-		if isSoftInterface(intf) {
-			log.Debugf("Network monitor: ignoring default route change for soft interface %s", intf)
-			return false
-		}
+func assignNeighbor(nexthop systemops.Nexthop, initialNeighbors map[netip.Addr]systemops.Neighbor) *systemops.Neighbor {
+	if n, ok := initialNeighbors[nexthop.IP]; ok &&
+		n.State != unreachable &&
+		n.State != incomplete &&
+		n.State != tbd {
+		return &n
+	}
+	return nil
+}
+
+func changed(
+	nexthopv4 systemops.Nexthop,
+	neighborv4 *systemops.Neighbor,
+	nexthopv6 systemops.Nexthop,
+	neighborv6 *systemops.Neighbor,
+) bool {
+	neighbors, err := getNeighbors()
+	if err != nil {
+		log.Errorf("network monitor: error fetching current neighbors: %v", err)
+		return false
+	}
+	if neighborChanged(nexthopv4, neighborv4, neighbors) || neighborChanged(nexthopv6, neighborv6, neighbors) {
+		return true
 	}

-	switch route.Type {
-	case systemops.RouteModified:
-		// TODO: get routing table to figure out if our route is affected for modified routes
-		log.Infof("Network monitor: default route changed: via %s, interface %s", route.NextHop, intf)
-		go callback()
+	routes, err := getRoutes()
+	if err != nil {
+		log.Errorf("network monitor: error fetching current routes: %v", err)
+		return false
+	}
+
+	if routeChanged(nexthopv4, nexthopv4.Intf, routes) || routeChanged(nexthopv6, nexthopv6.Intf, routes) {
 		return true
-	case systemops.RouteAdded:
-		if route.NextHop.Is4() && route.NextHop != nexthopv4.IP || route.NextHop.Is6() && route.NextHop != nexthopv6.IP {
-			log.Infof("Network monitor: default route added: via %s, interface %s", route.NextHop, intf)
-			go callback()
-			return true
-		}
-	case systemops.RouteDeleted:
-		if nexthopv4.Intf != nil && route.NextHop == nexthopv4.IP || nexthopv6.Intf != nil && route.NextHop == nexthopv6.IP {
-			log.Infof("Network monitor: default route removed: via %s, interface %s", route.NextHop, intf)
-			go callback()
-			return true
-		}
 	}

 	return false
 }

+// routeChanged checks if the default routes still point to our nexthop/interface
+func routeChanged(nexthop systemops.Nexthop, intf *net.Interface, routes []systemops.Route) bool {
+	if !nexthop.IP.IsValid() {
+		return false
+	}
+
+	if isSoftInterface(nexthop.Intf.Name) {
+		log.Tracef("network monitor: ignoring default route change for soft interface %s", nexthop.Intf.Name)
+		return false
+	}
+
+	unspec := getUnspecifiedPrefix(nexthop.IP)
+	defaultRoutes, foundMatchingRoute := processRoutes(nexthop, intf, routes, unspec)
+
+	log.Tracef("network monitor: all default routes:\n%s", strings.Join(defaultRoutes, "\n"))
+
+	if !foundMatchingRoute {
+		logRouteChange(nexthop.IP, intf)
+		return true
+	}
+
+	return false
+}
+
+func getUnspecifiedPrefix(ip netip.Addr) netip.Prefix {
+	if ip.Is6() {
+		return netip.PrefixFrom(netip.IPv6Unspecified(), 0)
+	}
+	return netip.PrefixFrom(netip.IPv4Unspecified(), 0)
+}
+
+func processRoutes(nexthop systemops.Nexthop, nexthopIntf *net.Interface, routes []systemops.Route, unspec netip.Prefix) ([]string, bool) {
+	var defaultRoutes []string
+	foundMatchingRoute := false
+
+	for _, r := range routes {
+		if r.Destination == unspec {
+			routeInfo := formatRouteInfo(r)
+			defaultRoutes = append(defaultRoutes, routeInfo)
+
+			if r.Nexthop == nexthop.IP && compareIntf(r.Interface, nexthopIntf) == 0 {
+				foundMatchingRoute = true
+				log.Debugf("network monitor: found matching default route: %s", routeInfo)
+			}
+		}
+	}
+
+	return defaultRoutes, foundMatchingRoute
+}
+
+func formatRouteInfo(r systemops.Route) string {
+	newIntf := "<nil>"
+	if r.Interface != nil {
+		newIntf = r.Interface.Name
+	}
+	return fmt.Sprintf("Nexthop: %s, Interface: %s", r.Nexthop, newIntf)
+}
+
+func logRouteChange(ip netip.Addr, intf *net.Interface) {
+	oldIntf := "<nil>"
+	if intf != nil {
+		oldIntf = intf.Name
+	}
+	log.Infof("network monitor: default route for %s (%s) is gone or changed", ip, oldIntf)
+}
+
+func neighborChanged(nexthop systemops.Nexthop, neighbor *systemops.Neighbor, neighbors map[netip.Addr]systemops.Neighbor) bool {
+	if neighbor == nil {
+		return false
+	}
+
+	// TODO: consider non-local nexthops, e.g. on point-to-point interfaces
+	if n, ok := neighbors[nexthop.IP]; ok {
+		if n.State == unreachable || n.State == incomplete {
+			log.Infof("network monitor: neighbor %s (%s) is not reachable: %s", neighbor.IPAddress, neighbor.LinkLayerAddress, stateFromInt(n.State))
+			return true
+		} else if n.InterfaceIndex != neighbor.InterfaceIndex {
+			log.Infof(
+				"network monitor: neighbor %s (%s) changed interface from '%s' (%d) to '%s' (%d): %s",
+				neighbor.IPAddress,
+				neighbor.LinkLayerAddress,
+				neighbor.InterfaceAlias,
+				neighbor.InterfaceIndex,
+				n.InterfaceAlias,
+				n.InterfaceIndex,
+				stateFromInt(n.State),
+			)
+			return true
+		}
+	} else {
+		log.Infof("network monitor: neighbor %s (%s) is gone", neighbor.IPAddress, neighbor.LinkLayerAddress)
+		return true
+	}
+
+	return false
+}
+
+func getNeighbors() (map[netip.Addr]systemops.Neighbor, error) {
+	entries, err := systemops.GetNeighbors()
+	if err != nil {
+		return nil, fmt.Errorf("get neighbors: %w", err)
+	}
+
+	neighbours := make(map[netip.Addr]systemops.Neighbor, len(entries))
+	for _, entry := range entries {
+		neighbours[entry.IPAddress] = entry
+	}
+
+	return neighbours, nil
+}
+
+func getRoutes() ([]systemops.Route, error) {
+	entries, err := systemops.GetRoutes()
+	if err != nil {
+		return nil, fmt.Errorf("get routes: %w", err)
+	}
+
+	return entries, nil
+}
+
+func stateFromInt(state uint8) string {
+	switch state {
+	case unreachable:
+		return "unreachable"
+	case incomplete:
+		return "incomplete"
+	case probe:
+		return "probe"
+	case delay:
+		return "delay"
+	case stale:
+		return "stale"
+	case reachable:
+		return "reachable"
+	case permanent:
+		return "permanent"
+	case tbd:
+		return "tbd"
+	default:
+		return "unknown"
+	}
+}
+
+func compareIntf(a, b *net.Interface) int {
+	switch {
+	case a == nil && b == nil:
+		return 0
+	case a == nil:
+		return -1
+	case b == nil:
+		return 1
+	default:
+		return a.Index - b.Index
+	}
+}
+
 func isSoftInterface(name string) bool {
 	return strings.Contains(strings.ToLower(name), "isatap") || strings.Contains(strings.ToLower(name), "teredo")
 }
--- a/client/internal/peer/conn.go
+++ b/client/internal/peer/conn.go
@@ -147,7 +147,7 @@ func NewConn(engineCtx context.Context, config ConnConfig, statusRecorder *Statu
 		OnStatusChanged: conn.onWorkerICEStateDisconnected,
 	}

-	conn.workerRelay = NewWorkerRelay(connLog, config, relayManager, rFns)
+	conn.workerRelay = NewWorkerRelay(ctx, connLog, config, relayManager, rFns)

 	relayIsSupportedLocally := conn.workerRelay.RelayIsSupportedLocally()
 	conn.workerICE, err = NewWorkerICE(ctx, connLog, config, signaler, iFaceDiscover, statusRecorder, relayIsSupportedLocally, wFns)
@@ -204,6 +204,7 @@ func (conn *Conn) startHandshakeAndReconnect() {
 	} else {
 		conn.reconnectLoopForOnDisconnectedEvent()
 	}
+
 }

 // Close closes this peer Conn issuing a close event to the Conn closeCh
@@ -211,18 +212,13 @@ func (conn *Conn) Close() {
 	conn.mu.Lock()
 	defer conn.mu.Unlock()

-	conn.log.Infof("close peer connection")
 	conn.ctxCancel()

 	if !conn.opened {
-		conn.log.Debugf("ignore close connection to peer")
+		log.Debugf("ignore close connection to peer")
 		return
 	}

-	conn.workerRelay.DisableWgWatcher()
-	conn.workerRelay.CloseConn()
-	conn.workerICE.Close()
-
 	if conn.wgProxyRelay != nil {
 		err := conn.wgProxyRelay.CloseConn()
 		if err != nil {
@@ -324,11 +320,11 @@ func (conn *Conn) reconnectLoopWithRetry() {

 			if conn.workerRelay.IsRelayConnectionSupportedWithPeer() {
 				if conn.statusRelay == StatusDisconnected || conn.statusICE == StatusDisconnected {
-					conn.log.Tracef("connectivity guard timedout, relay state: %s, ice state: %s", conn.statusRelay, conn.statusICE)
+					conn.log.Tracef("ticker timedout, relay state: %s, ice state: %s", conn.statusRelay, conn.statusICE)
 				}
 			} else {
 				if conn.statusICE == StatusDisconnected {
-					conn.log.Tracef("connectivity guard timedout, ice state: %s", conn.statusICE)
+					conn.log.Tracef("ticker timedout, ice state: %s", conn.statusICE)
 				}
 			}

@@ -356,7 +352,6 @@ func (conn *Conn) reconnectLoopWithRetry() {
 			ticker.Stop()
 			ticker = conn.prepareExponentTicker()
 		case <-conn.ctx.Done():
-			conn.log.Debugf("context is done, stop reconnect loop")
 			return
 		}
 	}
@@ -397,7 +392,6 @@ func (conn *Conn) reconnectLoopForOnDisconnectedEvent() {
 			}
 			conn.log.Debugf("ICE state changed, try to send new offer")
 		case <-conn.ctx.Done():
-			conn.log.Debugf("context is done, stop reconnect loop")
 			return
 		}

@@ -444,9 +438,7 @@ func (conn *Conn) iCEConnectionIsReady(priority ConnPriority, iceConnInfo ICECon
 		}
 	}

-	conn.workerRelay.DisableWgWatcher()
-
-	err = conn.configureWGEndpoint(endpointUdpAddr)
+	err = conn.config.WgConfig.WgInterface.UpdatePeer(conn.config.WgConfig.RemoteKey, conn.config.WgConfig.AllowedIps, defaultWgKeepAlive, endpointUdpAddr, conn.config.WgConfig.PreSharedKey)
 	if err != nil {
 		if wgProxy != nil {
 			if err := wgProxy.CloseConn(); err != nil {
@@ -475,10 +467,6 @@ func (conn *Conn) onWorkerICEStateDisconnected(newState ConnStatus) {
 	conn.mu.Lock()
 	defer conn.mu.Unlock()

-	if conn.ctx.Err() != nil {
-		return
-	}
-
 	conn.log.Tracef("ICE connection state changed to %s", newState)

 	// switch back to relay connection
@@ -488,8 +476,6 @@ func (conn *Conn) onWorkerICEStateDisconnected(newState ConnStatus) {
 		if err != nil {
 			conn.log.Errorf("failed to switch to relay conn: %v", err)
 		}
-		conn.workerRelay.EnableWgWatcher(conn.ctx)
-		conn.currentConnPriority = connPriorityRelay
 	}

 	changed := conn.statusICE != newState && newState != StatusConnecting
@@ -560,7 +546,6 @@ func (conn *Conn) relayConnectionIsReady(rci RelayConnInfo) {
 		return
 	}
 	wgConfigWorkaround()
-	conn.workerRelay.EnableWgWatcher(conn.ctx)

 	if conn.wgProxyRelay != nil {
 		if err := conn.wgProxyRelay.CloseConn(); err != nil {
@@ -578,10 +563,6 @@ func (conn *Conn) onWorkerRelayStateDisconnected() {
 	conn.mu.Lock()
 	defer conn.mu.Unlock()

-	if conn.ctx.Err() != nil {
-		return
-	}
-
 	if conn.wgProxyRelay != nil {
 		log.Debugf("relayed connection is closed, clean up WireGuard config")
 		err := conn.config.WgConfig.WgInterface.RemovePeer(conn.config.WgConfig.RemoteKey)
--- a/client/internal/peer/handshaker.go
+++ b/client/internal/peer/handshaker.go
@@ -79,8 +79,7 @@ func (h *Handshaker) Listen() {
 		h.log.Debugf("wait for remote offer confirmation")
 		remoteOfferAnswer, err := h.waitForRemoteOfferConfirmation()
 		if err != nil {
-			var connectionClosedError *ConnectionClosedError
-			if errors.As(err, &connectionClosedError) {
+			if _, ok := err.(*ConnectionClosedError); ok {
 				h.log.Tracef("stop handshaker")
 				return
 			}
--- a/client/internal/peer/status.go
+++ b/client/internal/peer/status.go
@@ -3,7 +3,6 @@ package peer
 import (
 	"errors"
 	"net/netip"
-	"slices"
 	"sync"
 	"time"

@@ -652,35 +651,29 @@ func (d *Status) GetSignalState() SignalState {
 	}
 }

-// GetRelayStates returns the stun/turn/permanent relay states
 func (d *Status) GetRelayStates() []relay.ProbeResult {
 	if d.relayMgr == nil {
 		return d.relayStates
 	}

 	// extend the list of stun, turn servers with relay address
-	relayStates := slices.Clone(d.relayStates)
+	relaysState := make([]relay.ProbeResult, len(d.relayStates), len(d.relayStates)+1)
+	copy(relaysState, d.relayStates)

-	var relayState relay.ProbeResult
+	relayState := relay.ProbeResult{}

 	// if the server connection is not established then we will use the general address
 	// in case of connection we will use the instance specific address
 	instanceAddr, err := d.relayMgr.RelayInstanceAddress()
 	if err != nil {
-		// TODO add their status
-		if errors.Is(err, relayClient.ErrRelayClientNotConnected) {
-			for _, r := range d.relayMgr.ServerURLs() {
-				relayStates = append(relayStates, relay.ProbeResult{
-					URI: r,
-				})
-			}
-			return relayStates
-		}
+		relayState.URI = d.relayMgr.ServerURL()
 		relayState.Err = err
+	} else {
+		relayState.URI = instanceAddr
 	}

-	relayState.URI = instanceAddr
-	return append(relayStates, relayState)
+	relaysState = append(relaysState, relayState)
+	return relaysState
 }

 func (d *Status) GetDNSStates() []NSGroupState {
--- a/client/internal/peer/worker_ice.go
+++ b/client/internal/peer/worker_ice.go
@@ -38,7 +38,7 @@ var (

 type ICEConfig struct {
 	// StunTurn is a list of STUN and TURN URLs
-	StunTurn *atomic.Value // []*stun.URI
+	StunTurn atomic.Value // []*stun.URI

 	// InterfaceBlackList is a list of machine interfaces that should be filtered out by ICE Candidate gathering
 	// (e.g. if eth0 is in the list, host candidate of this interface won't be used)
@@ -218,20 +218,6 @@ func (w *WorkerICE) GetLocalUserCredentials() (frag string, pwd string) {
 	return w.localUfrag, w.localPwd
 }

-func (w *WorkerICE) Close() {
-	w.muxAgent.Lock()
-	defer w.muxAgent.Unlock()
-
-	if w.agent == nil {
-		return
-	}
-
-	err := w.agent.Close()
-	if err != nil {
-		w.log.Warnf("failed to close ICE agent: %s", err)
-	}
-}
-
 func (w *WorkerICE) reCreateAgent(agentCancel context.CancelFunc, relaySupport []ice.CandidateType) (*ice.Agent, error) {
 	transportNet, err := w.newStdNet()
 	if err != nil {
@@ -467,4 +453,5 @@ func generateICECredentials() (string, string, error) {
 		return "", "", err
 	}
 	return ufrag, pwd, nil
+
 }
--- a/client/internal/peer/worker_relay.go
+++ b/client/internal/peer/worker_relay.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"errors"
 	"net"
-	"sync"
 	"sync/atomic"
 	"time"

@@ -15,7 +14,7 @@ import (

 var (
 	wgHandshakePeriod   = 2 * time.Minute
-	wgHandshakeOvertime = 30 * time.Second
+	wgHandshakeOvertime = 30000 * time.Millisecond
 )

 type RelayConnInfo struct {
@@ -30,26 +29,23 @@ type WorkerRelayCallbacks struct {
 }

 type WorkerRelay struct {
+	parentCtx    context.Context
 	log          *log.Entry
 	config       ConnConfig
 	relayManager relayClient.ManagerService
-	callBacks    WorkerRelayCallbacks
-
-	relayedConn      net.Conn
-	relayLock        sync.Mutex
-	ctxWgWatch       context.Context
-	ctxCancelWgWatch context.CancelFunc
-	ctxLock          sync.Mutex
+	conn         WorkerRelayCallbacks

+	ctxCancel                  context.CancelFunc
 	relaySupportedOnRemotePeer atomic.Bool
 }

-func NewWorkerRelay(log *log.Entry, config ConnConfig, relayManager relayClient.ManagerService, callbacks WorkerRelayCallbacks) *WorkerRelay {
+func NewWorkerRelay(ctx context.Context, log *log.Entry, config ConnConfig, relayManager relayClient.ManagerService, callbacks WorkerRelayCallbacks) *WorkerRelay {
 	r := &WorkerRelay{
+		parentCtx:    ctx,
 		log:          log,
 		config:       config,
 		relayManager: relayManager,
-		callBacks:    callbacks,
+		conn:         callbacks,
 	}
 	return r
 }
@@ -73,6 +69,7 @@ func (w *WorkerRelay) OnNewOffer(remoteOfferAnswer *OfferAnswer) {

 	relayedConn, err := w.relayManager.OpenConn(srv, w.config.Key)
 	if err != nil {
+		// todo handle all type errors
 		if errors.Is(err, relayClient.ErrConnAlreadyExists) {
 			w.log.Infof("do not need to reopen relay connection")
 			return
@@ -80,54 +77,28 @@ func (w *WorkerRelay) OnNewOffer(remoteOfferAnswer *OfferAnswer) {
 		w.log.Errorf("failed to open connection via Relay: %s", err)
 		return
 	}
-	w.relayLock.Lock()
-	w.relayedConn = relayedConn
-	w.relayLock.Unlock()

-	err = w.relayManager.AddCloseListener(srv, w.onRelayMGDisconnected)
+	ctx, ctxCancel := context.WithCancel(w.parentCtx)
+	w.ctxCancel = ctxCancel
+
+	err = w.relayManager.AddCloseListener(srv, w.disconnected)
 	if err != nil {
 		log.Errorf("failed to add close listener: %s", err)
 		_ = relayedConn.Close()
+		ctxCancel()
 		return
 	}

+	go w.wgStateCheck(ctx, relayedConn)
+
 	w.log.Debugf("peer conn opened via Relay: %s", srv)
-	go w.callBacks.OnConnReady(RelayConnInfo{
+	go w.conn.OnConnReady(RelayConnInfo{
 		relayedConn:     relayedConn,
 		rosenpassPubKey: remoteOfferAnswer.RosenpassPubKey,
 		rosenpassAddr:   remoteOfferAnswer.RosenpassAddr,
 	})
 }

-func (w *WorkerRelay) EnableWgWatcher(ctx context.Context) {
-	w.log.Debugf("enable WireGuard watcher")
-	w.ctxLock.Lock()
-	defer w.ctxLock.Unlock()
-
-	if w.ctxWgWatch != nil && w.ctxWgWatch.Err() == nil {
-		return
-	}
-
-	ctx, ctxCancel := context.WithCancel(ctx)
-	go w.wgStateCheck(ctx)
-	w.ctxWgWatch = ctx
-	w.ctxCancelWgWatch = ctxCancel
-
-}
-
-func (w *WorkerRelay) DisableWgWatcher() {
-	w.ctxLock.Lock()
-	defer w.ctxLock.Unlock()
-
-	if w.ctxCancelWgWatch == nil {
-		return
-	}
-
-	w.log.Debugf("disable WireGuard watcher")
-
-	w.ctxCancelWgWatch()
-}
-
 func (w *WorkerRelay) RelayInstanceAddress() (string, error) {
 	return w.relayManager.RelayInstanceAddress()
 }
@@ -144,24 +115,10 @@ func (w *WorkerRelay) RelayIsSupportedLocally() bool {
 	return w.relayManager.HasRelayAddress()
 }

-func (w *WorkerRelay) CloseConn() {
-	w.relayLock.Lock()
-	defer w.relayLock.Unlock()
-	if w.relayedConn == nil {
-		return
-	}
-
-	err := w.relayedConn.Close()
-	if err != nil {
-		w.log.Warnf("failed to close relay connection: %v", err)
-	}
-}
-
 // wgStateCheck help to check the state of the wireguard handshake and relay connection
-func (w *WorkerRelay) wgStateCheck(ctx context.Context) {
+func (w *WorkerRelay) wgStateCheck(ctx context.Context, conn net.Conn) {
 	timer := time.NewTimer(wgHandshakeOvertime)
 	defer timer.Stop()
-	expected := wgHandshakeOvertime
 	for {
 		select {
 		case <-timer.C:
@@ -172,19 +129,15 @@ func (w *WorkerRelay) wgStateCheck(ctx context.Context) {
 			}
 			w.log.Tracef("last handshake: %v", lastHandshake)

-			if time.Since(lastHandshake) > expected {
+			if time.Since(lastHandshake) > wgHandshakePeriod {
 				w.log.Infof("Wireguard handshake timed out, closing relay connection")
-				w.relayLock.Lock()
-				_ = w.relayedConn.Close()
-				w.relayLock.Unlock()
-				w.callBacks.OnDisconnected()
+				_ = conn.Close()
+				w.conn.OnDisconnected()
 				return
 			}
-			resetTime := time.Until(lastHandshake.Add(wgHandshakePeriod + wgHandshakeOvertime))
+			resetTime := time.Until(lastHandshake.Add(wgHandshakeOvertime + wgHandshakePeriod))
 			timer.Reset(resetTime)
-			expected = wgHandshakePeriod
 		case <-ctx.Done():
-			w.log.Debugf("WireGuard watcher stopped")
 			return
 		}
 	}
@@ -212,12 +165,9 @@ func (w *WorkerRelay) wgState() (time.Time, error) {
 	return wgState.LastHandshake, nil
 }

-func (w *WorkerRelay) onRelayMGDisconnected() {
-	w.ctxLock.Lock()
-	defer w.ctxLock.Unlock()
-
-	if w.ctxCancelWgWatch != nil {
-		w.ctxCancelWgWatch()
+func (w *WorkerRelay) disconnected() {
+	if w.ctxCancel != nil {
+		w.ctxCancel()
 	}
-	go w.callBacks.OnDisconnected()
+	w.conn.OnDisconnected()
 }
--- a/client/internal/pkce_auth.go
+++ b/client/internal/pkce_auth.go
@@ -2,7 +2,6 @@ package internal

 import (
 	"context"
-	"crypto/tls"
 	"fmt"
 	"net/url"

@@ -37,12 +36,10 @@ type PKCEAuthProviderConfig struct {
 	RedirectURLs []string
 	// UseIDToken indicates if the id token should be used for authentication
 	UseIDToken bool
-	//ClientCertPair is used for mTLS authentication to the IDP
-	ClientCertPair *tls.Certificate
 }

 // GetPKCEAuthorizationFlowInfo initialize a PKCEAuthorizationFlow instance and return with it
-func GetPKCEAuthorizationFlowInfo(ctx context.Context, privateKey string, mgmURL *url.URL, clientCert *tls.Certificate) (PKCEAuthorizationFlow, error) {
+func GetPKCEAuthorizationFlowInfo(ctx context.Context, privateKey string, mgmURL *url.URL) (PKCEAuthorizationFlow, error) {
 	// validate our peer's Wireguard PRIVATE key
 	myPrivateKey, err := wgtypes.ParseKey(privateKey)
 	if err != nil {
@@ -96,7 +93,6 @@ func GetPKCEAuthorizationFlowInfo(ctx context.Context, privateKey string, mgmURL
 			Scope:                 protoPKCEAuthorizationFlow.GetProviderConfig().GetScope(),
 			RedirectURLs:          protoPKCEAuthorizationFlow.GetProviderConfig().GetRedirectURLs(),
 			UseIDToken:            protoPKCEAuthorizationFlow.GetProviderConfig().GetUseIDToken(),
-			ClientCertPair:        clientCert,
 		},
 	}

--- a/client/internal/probe.go
+++ b/client/internal/probe.go
@@ -2,13 +2,6 @@ package internal

 import "context"

-type ProbeHolder struct {
-	MgmProbe    *Probe
-	SignalProbe *Probe
-	RelayProbe  *Probe
-	WgProbe     *Probe
-}
-
 // Probe allows to run on-demand callbacks from different code locations.
 // Pass the probe to a receiving and a sending end. The receiving end starts listening
 // to requests with Receive and executes a callback when the sending end requests it
--- a/client/internal/routemanager/client.go
+++ b/client/internal/routemanager/client.go
@@ -95,8 +95,8 @@ func (c *clientNetwork) getRouterPeerStatuses() map[route.ID]routerPeerStatus {
 // * Connected peers: Only routes with connected peers are considered.
 // * Metric: Routes with lower metrics (better) are prioritized.
 // * Non-relayed: Routes without relays are preferred.
+// * Direct connections: Routes with direct peer connections are favored.
 // * Latency: Routes with lower latency are prioritized.
-// * we compare the current score + 10ms to the chosen score to avoid flapping between routes
 // * Stability: In case of equal scores, the currently active route (if any) is maintained.
 //
 // It returns the ID of the selected optimal route.
@@ -136,11 +136,13 @@ func (c *clientNetwork) getBestRouteFromStatuses(routePeerStatuses map[route.ID]
 		}

 		if tempScore > chosenScore || (tempScore == chosenScore && chosen == "") {
+			log.Infof("tempScore(%f) > chosenScore(%f) || (tempScore(%f) == chosenScore(%f) && chosen == \"\"(%s): chosen: %s", tempScore, chosenScore, tempScore, chosenScore, chosen, r.ID)
 			chosen = r.ID
 			chosenScore = tempScore
 		}

 		if chosen == "" && currID == "" {
+			log.Infof("chosen == \"\" && currID == \"\" , chosen: %s", r.ID)
 			chosen = r.ID
 			chosenScore = tempScore
 		}
@@ -159,6 +161,7 @@ func (c *clientNetwork) getBestRouteFromStatuses(routePeerStatuses map[route.ID]

 		log.Warnf("The network [%v] has not been assigned a routing peer as no peers from the list %s are currently connected", c.handler, peers)
 	case chosen != currID:
+		log.Infof("chosen != currID, chosen: %s", chosen)
 		// we compare the current score + 10ms to the chosen score to avoid flapping between routes
 		if currScore != 0 && currScore+0.01 > chosenScore {
 			log.Debugf("Keeping current routing peer because the score difference with latency is less than 0.01(10ms), current: %f, new: %f", currScore, chosenScore)
--- a/client/internal/routemanager/client_test.go
+++ b/client/internal/routemanager/client_test.go
@@ -3,7 +3,8 @@ package routemanager
 import (
 	"net/netip"
 	"testing"
-	"time"
+
+	log "github.com/sirupsen/logrus"

 	"github.com/netbirdio/netbird/client/internal/routemanager/static"
 	"github.com/netbirdio/netbird/route"
@@ -19,79 +20,7 @@ func TestGetBestrouteFromStatuses(t *testing.T) {
 		existingRoutes  map[route.ID]*route.Route
 	}{
 		{
-			name: "one route",
-			statuses: map[route.ID]routerPeerStatus{
-				"route1": {
-					connected: true,
-					relayed:   false,
-				},
-			},
-			existingRoutes: map[route.ID]*route.Route{
-				"route1": {
-					ID:     "route1",
-					Metric: route.MaxMetric,
-					Peer:   "peer1",
-				},
-			},
-			currentRoute:    "",
-			expectedRouteID: "route1",
-		},
-		{
-			name: "one connected routes with relayed and direct",
-			statuses: map[route.ID]routerPeerStatus{
-				"route1": {
-					connected: true,
-					relayed:   true,
-				},
-			},
-			existingRoutes: map[route.ID]*route.Route{
-				"route1": {
-					ID:     "route1",
-					Metric: route.MaxMetric,
-					Peer:   "peer1",
-				},
-			},
-			currentRoute:    "",
-			expectedRouteID: "route1",
-		},
-		{
-			name: "one connected routes with relayed and no direct",
-			statuses: map[route.ID]routerPeerStatus{
-				"route1": {
-					connected: true,
-					relayed:   true,
-				},
-			},
-			existingRoutes: map[route.ID]*route.Route{
-				"route1": {
-					ID:     "route1",
-					Metric: route.MaxMetric,
-					Peer:   "peer1",
-				},
-			},
-			currentRoute:    "",
-			expectedRouteID: "route1",
-		},
-		{
-			name: "no connected peers",
-			statuses: map[route.ID]routerPeerStatus{
-				"route1": {
-					connected: false,
-					relayed:   false,
-				},
-			},
-			existingRoutes: map[route.ID]*route.Route{
-				"route1": {
-					ID:     "route1",
-					Metric: route.MaxMetric,
-					Peer:   "peer1",
-				},
-			},
-			currentRoute:    "",
-			expectedRouteID: "",
-		},
-		{
-			name: "multiple connected peers with different metrics",
+			name: "multiple connected peers with one direct",
 			statuses: map[route.ID]routerPeerStatus{
 				"route1": {
 					connected: true,
@@ -102,33 +31,6 @@ func TestGetBestrouteFromStatuses(t *testing.T) {
 					relayed:   false,
 				},
 			},
-			existingRoutes: map[route.ID]*route.Route{
-				"route1": {
-					ID:     "route1",
-					Metric: 9000,
-					Peer:   "peer1",
-				},
-				"route2": {
-					ID:     "route2",
-					Metric: route.MaxMetric,
-					Peer:   "peer2",
-				},
-			},
-			currentRoute:    "",
-			expectedRouteID: "route1",
-		},
-		{
-			name: "multiple connected peers with one relayed",
-			statuses: map[route.ID]routerPeerStatus{
-				"route1": {
-					connected: true,
-					relayed:   false,
-				},
-				"route2": {
-					connected: true,
-					relayed:   true,
-				},
-			},
 			existingRoutes: map[route.ID]*route.Route{
 				"route1": {
 					ID:     "route1",
@@ -144,169 +46,31 @@ func TestGetBestrouteFromStatuses(t *testing.T) {
 			currentRoute:    "",
 			expectedRouteID: "route1",
 		},
-		{
-			name: "multiple connected peers with different latencies",
-			statuses: map[route.ID]routerPeerStatus{
-				"route1": {
-					connected: true,
-					latency:   300 * time.Millisecond,
-				},
-				"route2": {
-					connected: true,
-					latency:   10 * time.Millisecond,
-				},
-			},
-			existingRoutes: map[route.ID]*route.Route{
-				"route1": {
-					ID:     "route1",
-					Metric: route.MaxMetric,
-					Peer:   "peer1",
-				},
-				"route2": {
-					ID:     "route2",
-					Metric: route.MaxMetric,
-					Peer:   "peer2",
-				},
-			},
-			currentRoute:    "",
-			expectedRouteID: "route2",
-		},
-		{
-			name: "should ignore routes with latency 0",
-			statuses: map[route.ID]routerPeerStatus{
-				"route1": {
-					connected: true,
-					latency:   0 * time.Millisecond,
-				},
-				"route2": {
-					connected: true,
-					latency:   10 * time.Millisecond,
-				},
-			},
-			existingRoutes: map[route.ID]*route.Route{
-				"route1": {
-					ID:     "route1",
-					Metric: route.MaxMetric,
-					Peer:   "peer1",
-				},
-				"route2": {
-					ID:     "route2",
-					Metric: route.MaxMetric,
-					Peer:   "peer2",
-				},
-			},
-			currentRoute:    "",
-			expectedRouteID: "route2",
-		},
-		{
-			name: "current route with similar score and similar but slightly worse latency should not change",
-			statuses: map[route.ID]routerPeerStatus{
-				"route1": {
-					connected: true,
-					relayed:   false,
-					latency:   15 * time.Millisecond,
-				},
-				"route2": {
-					connected: true,
-					relayed:   false,
-					latency:   10 * time.Millisecond,
-				},
-			},
-			existingRoutes: map[route.ID]*route.Route{
-				"route1": {
-					ID:     "route1",
-					Metric: route.MaxMetric,
-					Peer:   "peer1",
-				},
-				"route2": {
-					ID:     "route2",
-					Metric: route.MaxMetric,
-					Peer:   "peer2",
-				},
-			},
-			currentRoute:    "route1",
-			expectedRouteID: "route1",
-		},
-		{
-			name: "current route with bad score should be changed to route with better score",
-			statuses: map[route.ID]routerPeerStatus{
-				"route1": {
-					connected: true,
-					relayed:   false,
-					latency:   200 * time.Millisecond,
-				},
-				"route2": {
-					connected: true,
-					relayed:   false,
-					latency:   10 * time.Millisecond,
-				},
-			},
-			existingRoutes: map[route.ID]*route.Route{
-				"route1": {
-					ID:     "route1",
-					Metric: route.MaxMetric,
-					Peer:   "peer1",
-				},
-				"route2": {
-					ID:     "route2",
-					Metric: route.MaxMetric,
-					Peer:   "peer2",
-				},
-			},
-			currentRoute:    "route1",
-			expectedRouteID: "route2",
-		},
-		{
-			name: "current chosen route doesn't exist anymore",
-			statuses: map[route.ID]routerPeerStatus{
-				"route1": {
-					connected: true,
-					relayed:   false,
-					latency:   20 * time.Millisecond,
-				},
-				"route2": {
-					connected: true,
-					relayed:   false,
-					latency:   10 * time.Millisecond,
-				},
-			},
-			existingRoutes: map[route.ID]*route.Route{
-				"route1": {
-					ID:     "route1",
-					Metric: route.MaxMetric,
-					Peer:   "peer1",
-				},
-				"route2": {
-					ID:     "route2",
-					Metric: route.MaxMetric,
-					Peer:   "peer2",
-				},
-			},
-			currentRoute:    "routeDoesntExistAnymore",
-			expectedRouteID: "route2",
-		},
 	}

-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			currentRoute := &route.Route{
-				ID: "routeDoesntExistAnymore",
-			}
-			if tc.currentRoute != "" {
-				currentRoute = tc.existingRoutes[tc.currentRoute]
-			}
+	for i := 0; i < 10; i++ {
+		log.Infof("Test iteration %d", i)
+		for _, tc := range testCases {
+			t.Run(tc.name, func(t *testing.T) {
+				currentRoute := &route.Route{
+					ID: "routeDoesntExistAnymore",
+				}
+				if tc.currentRoute != "" {
+					currentRoute = tc.existingRoutes[tc.currentRoute]
+				}

-			// create new clientNetwork
-			client := &clientNetwork{
-				handler:       static.NewRoute(&route.Route{Network: netip.MustParsePrefix("192.168.0.0/24")}, nil, nil),
-				routes:        tc.existingRoutes,
-				currentChosen: currentRoute,
-			}
+				// create new clientNetwork
+				client := &clientNetwork{
+					handler:       static.NewRoute(&route.Route{Network: netip.MustParsePrefix("192.168.0.0/24")}, nil, nil),
+					routes:        tc.existingRoutes,
+					currentChosen: currentRoute,
+				}

-			chosenRoute := client.getBestRouteFromStatuses(tc.statuses)
-			if chosenRoute != tc.expectedRouteID {
-				t.Errorf("expected routeID %s, got %s", tc.expectedRouteID, chosenRoute)
-			}
-		})
+				chosenRoute := client.getBestRouteFromStatuses(tc.statuses)
+				if chosenRoute != tc.expectedRouteID {
+					t.Errorf("expected routeID %s, got %s", tc.expectedRouteID, chosenRoute)
+				}
+			})
+		}
 	}
 }
--- a/client/internal/routemanager/manager.go
+++ b/client/internal/routemanager/manager.go
@@ -22,7 +22,6 @@ import (
 	"github.com/netbirdio/netbird/client/internal/routemanager/vars"
 	"github.com/netbirdio/netbird/client/internal/routeselector"
 	"github.com/netbirdio/netbird/iface"
-	relayClient "github.com/netbirdio/netbird/relay/client"
 	"github.com/netbirdio/netbird/route"
 	nbnet "github.com/netbirdio/netbird/util/net"
 	"github.com/netbirdio/netbird/version"
@@ -50,7 +49,6 @@ type DefaultManager struct {
 	serverRouter         serverRouter
 	sysOps               *systemops.SysOps
 	statusRecorder       *peer.Status
-	relayMgr             *relayClient.Manager
 	wgInterface          iface.IWGIface
 	pubKey               string
 	notifier             *notifier.Notifier
@@ -65,7 +63,6 @@ func NewManager(
 	dnsRouteInterval time.Duration,
 	wgInterface iface.IWGIface,
 	statusRecorder *peer.Status,
-	relayMgr *relayClient.Manager,
 	initialRoutes []*route.Route,
 ) *DefaultManager {
 	mCTX, cancel := context.WithCancel(ctx)
@@ -77,7 +74,6 @@ func NewManager(
 		stop:             cancel,
 		dnsRouteInterval: dnsRouteInterval,
 		clientNetworks:   make(map[route.HAUniqueID]*clientNetwork),
-		relayMgr:         relayMgr,
 		routeSelector:    routeselector.NewRouteSelector(),
 		sysOps:           sysOps,
 		statusRecorder:   statusRecorder,
@@ -128,12 +124,9 @@ func (m *DefaultManager) Init() (nbnet.AddHookFunc, nbnet.RemoveHookFunc, error)
 		log.Warnf("Failed cleaning up routing: %v", err)
 	}

-	initialAddresses := []string{m.statusRecorder.GetManagementState().URL, m.statusRecorder.GetSignalState().URL}
-	if m.relayMgr != nil {
-		initialAddresses = append(initialAddresses, m.relayMgr.ServerURLs()...)
-	}
-
-	ips := resolveURLsToIPs(initialAddresses)
+	mgmtAddress := m.statusRecorder.GetManagementState().URL
+	signalAddress := m.statusRecorder.GetSignalState().URL
+	ips := resolveURLsToIPs([]string{mgmtAddress, signalAddress})

 	beforePeerHook, afterPeerHook, err := m.sysOps.SetupRouting(ips)
 	if err != nil {
--- a/client/internal/routemanager/manager_test.go
+++ b/client/internal/routemanager/manager_test.go
@@ -416,7 +416,7 @@ func TestManagerUpdateRoutes(t *testing.T) {

 			statusRecorder := peer.NewRecorder("https://mgm")
 			ctx := context.TODO()
-			routeManager := NewManager(ctx, localPeerKey, 0, wgInterface, statusRecorder, nil, nil)
+			routeManager := NewManager(ctx, localPeerKey, 0, wgInterface, statusRecorder, nil)

 			_, _, err = routeManager.Init()

--- a/client/internal/routemanager/sysctl/sysctl_linux.go
+++ b/client/internal/routemanager/sysctl/sysctl_linux.go
@@ -1,5 +1,4 @@
-//go:build !android
-
+// go:build !android
 package sysctl

 import (
--- a/client/internal/routemanager/systemops/systemops_windows.go
+++ b/client/internal/routemanager/systemops/systemops_windows.go
@@ -3,8 +3,6 @@
 package systemops

 import (
-	"context"
-	"encoding/binary"
 	"fmt"
 	"net"
 	"net/netip"
@@ -13,43 +11,15 @@ import (
 	"strconv"
 	"strings"
 	"sync"
-	"syscall"
 	"time"
-	"unsafe"

 	log "github.com/sirupsen/logrus"
 	"github.com/yusufpapurcu/wmi"
-	"golang.org/x/sys/windows"

 	"github.com/netbirdio/netbird/client/firewall/uspfilter"
 	nbnet "github.com/netbirdio/netbird/util/net"
 )

-type RouteUpdateType int
-
-// RouteUpdate represents a change in the routing table.
-// The interface field contains the index only.
-type RouteUpdate struct {
-	Type        RouteUpdateType
-	Destination netip.Prefix
-	NextHop     netip.Addr
-	Interface   *net.Interface
-}
-
-// RouteMonitor provides a way to monitor changes in the routing table.
-type RouteMonitor struct {
-	updates chan RouteUpdate
-	handle  windows.Handle
-	done    chan struct{}
-}
-
-// Route represents a single routing table entry.
-type Route struct {
-	Destination netip.Prefix
-	Nexthop     netip.Addr
-	Interface   *net.Interface
-}
-
 type MSFT_NetRoute struct {
 	DestinationPrefix string
 	NextHop           string
@@ -58,77 +28,33 @@ type MSFT_NetRoute struct {
 	AddressFamily     uint16
 }

-// MIB_IPFORWARD_ROW2 is defined in https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-mib_ipforward_row2
-type MIB_IPFORWARD_ROW2 struct {
-	InterfaceLuid        uint64
-	InterfaceIndex       uint32
-	DestinationPrefix    IP_ADDRESS_PREFIX
-	NextHop              SOCKADDR_INET_NEXTHOP
-	SitePrefixLength     uint8
-	ValidLifetime        uint32
-	PreferredLifetime    uint32
-	Metric               uint32
-	Protocol             uint32
-	Loopback             uint8
-	AutoconfigureAddress uint8
-	Publish              uint8
-	Immortal             uint8
-	Age                  uint32
-	Origin               uint32
+type Route struct {
+	Destination netip.Prefix
+	Nexthop     netip.Addr
+	Interface   *net.Interface
 }

-// IP_ADDRESS_PREFIX is defined in https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ns-netioapi-ip_address_prefix
-type IP_ADDRESS_PREFIX struct {
-	Prefix       SOCKADDR_INET
-	PrefixLength uint8
+type MSFT_NetNeighbor struct {
+	IPAddress        string
+	LinkLayerAddress string
+	State            uint8
+	AddressFamily    uint16
+	InterfaceIndex   uint32
+	InterfaceAlias   string
 }

-// SOCKADDR_INET is defined in https://learn.microsoft.com/en-us/windows/win32/api/ws2ipdef/ns-ws2ipdef-sockaddr_inet
-// It represents the union of IPv4 and IPv6 socket addresses
-type SOCKADDR_INET struct {
-	sin6_family int16
-	// nolint:unused
-	sin6_port uint16
-	// 4 bytes ipv4 or 4 bytes flowinfo + 16 bytes ipv6 + 4 bytes scope_id
-	data [24]byte
+type Neighbor struct {
+	IPAddress        netip.Addr
+	LinkLayerAddress string
+	State            uint8
+	AddressFamily    uint16
+	InterfaceIndex   uint32
+	InterfaceAlias   string
 }

-// SOCKADDR_INET_NEXTHOP is the same as SOCKADDR_INET but offset by 2 bytes
-type SOCKADDR_INET_NEXTHOP struct {
-	// nolint:unused
-	pad         [2]byte
-	sin6_family int16
-	// nolint:unused
-	sin6_port uint16
-	// 4 bytes ipv4 or 4 bytes flowinfo + 16 bytes ipv6 + 4 bytes scope_id
-	data [24]byte
-}
-
-// MIB_NOTIFICATION_TYPE is defined in https://learn.microsoft.com/en-us/windows/win32/api/netioapi/ne-netioapi-mib_notification_type
-type MIB_NOTIFICATION_TYPE int32
-
-var (
-	modiphlpapi                = windows.NewLazyDLL("iphlpapi.dll")
-	procNotifyRouteChange2     = modiphlpapi.NewProc("NotifyRouteChange2")
-	procCancelMibChangeNotify2 = modiphlpapi.NewProc("CancelMibChangeNotify2")
-
-	prefixList []netip.Prefix
-	lastUpdate time.Time
-	mux        sync.Mutex
-)
-
-const (
-	MibParemeterModification MIB_NOTIFICATION_TYPE = iota
-	MibAddInstance
-	MibDeleteInstance
-	MibInitialNotification
-)
-
-const (
-	RouteModified RouteUpdateType = iota
-	RouteAdded
-	RouteDeleted
-)
+var prefixList []netip.Prefix
+var lastUpdate time.Time
+var mux = sync.Mutex{}

 func (r *SysOps) SetupRouting(initAddresses []net.IP) (nbnet.AddHookFunc, nbnet.RemoveHookFunc, error) {
 	return r.setupRefCounter(initAddresses)
@@ -168,155 +94,6 @@ func (r *SysOps) removeFromRouteTable(prefix netip.Prefix, nexthop Nexthop) erro
 	return nil
 }

-// NewRouteMonitor creates and starts a new RouteMonitor.
-// It returns a pointer to the RouteMonitor and an error if the monitor couldn't be started.
-func NewRouteMonitor(ctx context.Context) (*RouteMonitor, error) {
-	rm := &RouteMonitor{
-		updates: make(chan RouteUpdate, 5),
-		done:    make(chan struct{}),
-	}
-
-	if err := rm.start(ctx); err != nil {
-		return nil, err
-	}
-
-	return rm, nil
-}
-
-func (rm *RouteMonitor) start(ctx context.Context) error {
-	if ctx.Err() != nil {
-		return ctx.Err()
-	}
-
-	callbackPtr := windows.NewCallback(func(callerContext uintptr, row *MIB_IPFORWARD_ROW2, notificationType MIB_NOTIFICATION_TYPE) uintptr {
-		if ctx.Err() != nil {
-			return 0
-		}
-
-		update, err := rm.parseUpdate(row, notificationType)
-		if err != nil {
-			log.Errorf("Failed to parse route update: %v", err)
-			return 0
-		}
-
-		select {
-		case <-rm.done:
-			return 0
-		case rm.updates <- update:
-		default:
-			log.Warn("Route update channel is full, dropping update")
-		}
-		return 0
-	})
-
-	var handle windows.Handle
-	if err := notifyRouteChange2(windows.AF_UNSPEC, callbackPtr, 0, false, &handle); err != nil {
-		return fmt.Errorf("NotifyRouteChange2 failed: %w", err)
-	}
-
-	rm.handle = handle
-
-	return nil
-}
-
-func (rm *RouteMonitor) parseUpdate(row *MIB_IPFORWARD_ROW2, notificationType MIB_NOTIFICATION_TYPE) (RouteUpdate, error) {
-	// destination prefix, next hop, interface index, interface luid are guaranteed to be there
-	// GetIpForwardEntry2 is not needed
-
-	var update RouteUpdate
-
-	idx := int(row.InterfaceIndex)
-	if idx != 0 {
-		intf, err := net.InterfaceByIndex(idx)
-		if err != nil {
-			return update, fmt.Errorf("get interface name: %w", err)
-		}
-
-		update.Interface = intf
-	}
-
-	log.Tracef("Received route update with destination %v, next hop %v, interface %v", row.DestinationPrefix, row.NextHop, update.Interface)
-	dest := parseIPPrefix(row.DestinationPrefix, idx)
-	if !dest.Addr().IsValid() {
-		return RouteUpdate{}, fmt.Errorf("invalid destination: %v", row)
-	}
-
-	nexthop := parseIPNexthop(row.NextHop, idx)
-	if !nexthop.IsValid() {
-		return RouteUpdate{}, fmt.Errorf("invalid next hop %v", row)
-	}
-
-	updateType := RouteModified
-	switch notificationType {
-	case MibParemeterModification:
-		updateType = RouteModified
-	case MibAddInstance:
-		updateType = RouteAdded
-	case MibDeleteInstance:
-		updateType = RouteDeleted
-	}
-
-	update.Type = updateType
-	update.Destination = dest
-	update.NextHop = nexthop
-
-	return update, nil
-}
-
-// Stop stops the RouteMonitor.
-func (rm *RouteMonitor) Stop() error {
-	if rm.handle != 0 {
-		if err := cancelMibChangeNotify2(rm.handle); err != nil {
-			return fmt.Errorf("CancelMibChangeNotify2 failed: %w", err)
-		}
-		rm.handle = 0
-	}
-	close(rm.done)
-	close(rm.updates)
-	return nil
-}
-
-// RouteUpdates returns a channel that receives RouteUpdate messages.
-func (rm *RouteMonitor) RouteUpdates() <-chan RouteUpdate {
-	return rm.updates
-}
-
-func notifyRouteChange2(family uint32, callback uintptr, callerContext uintptr, initialNotification bool, handle *windows.Handle) error {
-	var initNotif uint32
-	if initialNotification {
-		initNotif = 1
-	}
-
-	r1, _, e1 := syscall.SyscallN(
-		procNotifyRouteChange2.Addr(),
-		uintptr(family),
-		callback,
-		callerContext,
-		uintptr(initNotif),
-		uintptr(unsafe.Pointer(handle)),
-	)
-	if r1 != 0 {
-		if e1 != 0 {
-			return e1
-		}
-		return syscall.EINVAL
-	}
-	return nil
-}
-
-func cancelMibChangeNotify2(handle windows.Handle) error {
-	r1, _, e1 := syscall.SyscallN(procCancelMibChangeNotify2.Addr(), uintptr(handle))
-	if r1 != 0 {
-		if e1 != 0 {
-			return e1
-		}
-		return syscall.EINVAL
-	}
-	return nil
-}
-
-// GetRoutesFromTable returns the current routing table from with prefixes only.
-// It ccaches the result for 2 seconds to avoid blocking the caller.
 func GetRoutesFromTable() ([]netip.Prefix, error) {
 	mux.Lock()
 	defer mux.Unlock()
@@ -340,7 +117,6 @@ func GetRoutesFromTable() ([]netip.Prefix, error) {
 	return prefixList, nil
 }

-// GetRoutes retrieves the current routing table using WMI.
 func GetRoutes() ([]Route, error) {
 	var entries []MSFT_NetRoute

@@ -370,8 +146,8 @@ func GetRoutes() ([]Route, error) {
 				Name:  entry.InterfaceAlias,
 			}

-			if nexthop.Is6() {
-				nexthop = addZone(nexthop, int(entry.InterfaceIndex))
+			if nexthop.Is6() && (nexthop.IsLinkLocalUnicast() || nexthop.IsLinkLocalMulticast()) {
+				nexthop = nexthop.WithZone(strconv.Itoa(int(entry.InterfaceIndex)))
 			}
 		}

@@ -385,6 +161,33 @@ func GetRoutes() ([]Route, error) {
 	return routes, nil
 }

+func GetNeighbors() ([]Neighbor, error) {
+	var entries []MSFT_NetNeighbor
+	query := `SELECT IPAddress, LinkLayerAddress, State, AddressFamily, InterfaceIndex, InterfaceAlias FROM MSFT_NetNeighbor`
+	if err := wmi.QueryNamespace(query, &entries, `ROOT\StandardCimv2`); err != nil {
+		return nil, fmt.Errorf("failed to query MSFT_NetNeighbor: %w", err)
+	}
+
+	var neighbors []Neighbor
+	for _, entry := range entries {
+		addr, err := netip.ParseAddr(entry.IPAddress)
+		if err != nil {
+			log.Warnf("Unable to parse neighbor IP address %s: %v", entry.IPAddress, err)
+			continue
+		}
+		neighbors = append(neighbors, Neighbor{
+			IPAddress:        addr,
+			LinkLayerAddress: entry.LinkLayerAddress,
+			State:            entry.State,
+			AddressFamily:    entry.AddressFamily,
+			InterfaceIndex:   entry.InterfaceIndex,
+			InterfaceAlias:   entry.InterfaceAlias,
+		})
+	}
+
+	return neighbors, nil
+}
+
 func addRouteCmd(prefix netip.Prefix, nexthop Nexthop) error {
 	args := []string{"add", prefix.String()}

@@ -417,54 +220,3 @@ func addRouteCmd(prefix netip.Prefix, nexthop Nexthop) error {
 func isCacheDisabled() bool {
 	return os.Getenv("NB_DISABLE_ROUTE_CACHE") == "true"
 }
-
-func parseIPPrefix(prefix IP_ADDRESS_PREFIX, idx int) netip.Prefix {
-	ip := parseIP(prefix.Prefix, idx)
-	return netip.PrefixFrom(ip, int(prefix.PrefixLength))
-}
-
-func parseIP(addr SOCKADDR_INET, idx int) netip.Addr {
-	return parseIPGeneric(addr.sin6_family, addr.data, idx)
-}
-
-func parseIPNexthop(addr SOCKADDR_INET_NEXTHOP, idx int) netip.Addr {
-	return parseIPGeneric(addr.sin6_family, addr.data, idx)
-}
-
-func parseIPGeneric(family int16, data [24]byte, interfaceIndex int) netip.Addr {
-	switch family {
-	case windows.AF_INET:
-		ipv4 := binary.BigEndian.Uint32(data[:4])
-		return netip.AddrFrom4([4]byte{
-			byte(ipv4 >> 24),
-			byte(ipv4 >> 16),
-			byte(ipv4 >> 8),
-			byte(ipv4),
-		})
-
-	case windows.AF_INET6:
-		// The IPv6 address is stored after the 4-byte flowinfo field
-		var ipv6 [16]byte
-		copy(ipv6[:], data[4:20])
-		ip := netip.AddrFrom16(ipv6)
-
-		// Check if there's a non-zero scope_id
-		scopeID := binary.BigEndian.Uint32(data[20:24])
-		if scopeID != 0 {
-			ip = ip.WithZone(strconv.FormatUint(uint64(scopeID), 10))
-		} else if interfaceIndex != 0 {
-			ip = addZone(ip, interfaceIndex)
-		}
-
-		return ip
-	}
-
-	return netip.IPv4Unspecified()
-}
-
-func addZone(ip netip.Addr, interfaceIndex int) netip.Addr {
-	if ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() {
-		ip = ip.WithZone(strconv.Itoa(interfaceIndex))
-	}
-	return ip
-}
--- a/client/ios/NetBirdSDK/client.go
+++ b/client/ios/NetBirdSDK/client.go
@@ -270,14 +270,7 @@ func (c *Client) GetRoutesSelectionDetails() (*RoutesSelectionDetails, error) {
 	}

 	routesMap := engine.GetClientRoutesWithNetID()
-	routeManager := engine.GetRouteManager()
-	if routeManager == nil {
-		return nil, fmt.Errorf("could not get route manager")
-	}
-	routeSelector := routeManager.GetRouteSelector()
-	if routeSelector == nil {
-		return nil, fmt.Errorf("could not get route selector")
-	}
+	routeSelector := engine.GetRouteManager().GetRouteSelector()

 	var routes []*selectRoute
 	for id, rt := range routesMap {
--- a/client/ios/NetBirdSDK/login.go
+++ b/client/ios/NetBirdSDK/login.go
@@ -74,7 +74,7 @@ func (a *Auth) SaveConfigIfSSOSupported() (bool, error) {
 	err := a.withBackOff(a.ctx, func() (err error) {
 		_, err = internal.GetDeviceAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL)
 		if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.NotFound || s.Code() == codes.Unimplemented) {
-			_, err = internal.GetPKCEAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL, nil)
+			_, err = internal.GetPKCEAuthorizationFlowInfo(a.ctx, a.config.PrivateKey, a.config.ManagementURL)
 			if s, ok := gstatus.FromError(err); ok && (s.Code() == codes.NotFound || s.Code() == codes.Unimplemented) {
 				supportsSSO = false
 				err = nil
--- a/client/server/server.go
+++ b/client/server/server.go
@@ -12,6 +12,7 @@ import (

 	"github.com/cenkalti/backoff/v4"
 	"golang.org/x/exp/maps"
+
 	"google.golang.org/protobuf/types/known/durationpb"

 	log "github.com/sirupsen/logrus"
@@ -142,12 +143,10 @@ func (s *Server) Start() error {
 		s.sessionWatcher.SetOnExpireListener(s.onSessionExpire)
 	}

-	if config.DisableAutoConnect {
-		return nil
+	if !config.DisableAutoConnect {
+		go s.connectWithRetryRuns(ctx, config, s.statusRecorder, s.mgmProbe, s.signalProbe, s.relayProbe, s.wgProbe)
 	}

-	go s.connectWithRetryRuns(ctx, config, s.statusRecorder, nil)
-
 	return nil
 }

@@ -155,7 +154,7 @@ func (s *Server) Start() error {
 // mechanism to keep the client connected even when the connection is lost.
 // we cancel retry if the client receive a stop or down command, or if disable auto connect is configured.
 func (s *Server) connectWithRetryRuns(ctx context.Context, config *internal.Config, statusRecorder *peer.Status,
-	runningChan chan error,
+	mgmProbe *internal.Probe, signalProbe *internal.Probe, relayProbe *internal.Probe, wgProbe *internal.Probe,
 ) {
 	backOff := getConnectWithBackoff(ctx)
 	retryStarted := false
@@ -186,15 +185,7 @@ func (s *Server) connectWithRetryRuns(ctx context.Context, config *internal.Conf
 	runOperation := func() error {
 		log.Tracef("running client connection")
 		s.connectClient = internal.NewConnectClient(ctx, config, statusRecorder)
-
-		probes := internal.ProbeHolder{
-			MgmProbe:    s.mgmProbe,
-			SignalProbe: s.signalProbe,
-			RelayProbe:  s.relayProbe,
-			WgProbe:     s.wgProbe,
-		}
-
-		err := s.connectClient.RunWithProbes(&probes, runningChan)
+		err := s.connectClient.RunWithProbes(mgmProbe, signalProbe, relayProbe, wgProbe)
 		if err != nil {
 			log.Debugf("run client connection exited with error: %v. Will retry in the background", err)
 		}
@@ -585,22 +576,9 @@ func (s *Server) Up(callerCtx context.Context, _ *proto.UpRequest) (*proto.UpRes
 	s.statusRecorder.UpdateManagementAddress(s.config.ManagementURL.String())
 	s.statusRecorder.UpdateRosenpass(s.config.RosenpassEnabled, s.config.RosenpassPermissive)

-	runningChan := make(chan error)
-	go s.connectWithRetryRuns(ctx, s.config, s.statusRecorder, runningChan)
+	go s.connectWithRetryRuns(ctx, s.config, s.statusRecorder, s.mgmProbe, s.signalProbe, s.relayProbe, s.wgProbe)

-	for {
-		select {
-		case err := <-runningChan:
-			if err != nil {
-				log.Debugf("waiting for engine to become ready failed: %s", err)
-			} else {
-				return &proto.UpResponse{}, nil
-			}
-		case <-callerCtx.Done():
-			log.Debug("context done, stopping the wait for engine to become ready")
-			return nil, callerCtx.Err()
-		}
-	}
+	return &proto.UpResponse{}, nil
 }

 // Down engine work in the daemon.
@@ -612,19 +590,28 @@ func (s *Server) Down(ctx context.Context, _ *proto.DownRequest) (*proto.DownRes
 		return nil, fmt.Errorf("service is not up")
 	}
 	s.actCancel()
-
-	err := s.connectClient.Stop()
-	if err != nil {
-		log.Errorf("failed to shut down properly: %v", err)
-		return nil, err
-	}
-
 	state := internal.CtxGetState(s.rootCtx)
 	state.Set(internal.StatusIdle)

-	log.Infof("service is down")
+	maxWaitTime := 5 * time.Second
+	timeout := time.After(maxWaitTime)

-	return &proto.DownResponse{}, nil
+	engine := s.connectClient.Engine()
+
+	for {
+		if !engine.IsWGIfaceUp() {
+			return &proto.DownResponse{}, nil
+		}
+
+		select {
+		case <-ctx.Done():
+			return &proto.DownResponse{}, nil
+		case <-timeout:
+			return nil, fmt.Errorf("failed to shut down properly")
+		default:
+			time.Sleep(100 * time.Millisecond)
+		}
+	}
 }

 // Status returns the daemon status
--- a/client/server/server_test.go
+++ b/client/server/server_test.go
@@ -6,11 +6,10 @@ import (
 	"testing"
 	"time"

+	"github.com/netbirdio/management-integrations/integrations"
 	"github.com/stretchr/testify/require"
 	"go.opentelemetry.io/otel"

-	"github.com/netbirdio/management-integrations/integrations"
-
 	log "github.com/sirupsen/logrus"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/keepalive"
@@ -20,7 +19,6 @@ import (
 	mgmtProto "github.com/netbirdio/netbird/management/proto"
 	"github.com/netbirdio/netbird/management/server"
 	"github.com/netbirdio/netbird/management/server/activity"
-	"github.com/netbirdio/netbird/management/server/telemetry"
 	"github.com/netbirdio/netbird/signal/proto"
 	signalServer "github.com/netbirdio/netbird/signal/server"
 )
@@ -74,7 +72,7 @@ func TestConnectWithRetryRuns(t *testing.T) {
 	t.Setenv(maxRetryTimeVar, "5s")
 	t.Setenv(retryMultiplierVar, "1")

-	s.connectWithRetryRuns(ctx, config, s.statusRecorder, nil)
+	s.connectWithRetryRuns(ctx, config, s.statusRecorder, s.mgmProbe, s.signalProbe, s.relayProbe, s.wgProbe)
 	if counter < 3 {
 		t.Fatalf("expected counter > 2, got %d", counter)
 	}
@@ -122,17 +120,15 @@ func startManagement(t *testing.T, signalAddr string, counter *int) (*grpc.Serve
 		return nil, "", err
 	}
 	ia, _ := integrations.NewIntegratedValidator(context.Background(), eventStore)
-
-	metrics, err := telemetry.NewDefaultAppMetrics(context.Background())
-	require.NoError(t, err)
-
-	accountManager, err := server.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, ia, metrics)
+	accountManager, err := server.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, ia)
 	if err != nil {
 		return nil, "", err
 	}
-
-	secretsManager := server.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig, config.Relay)
-	mgmtServer, err := server.NewServer(context.Background(), config, accountManager, peersUpdateManager, secretsManager, nil, nil)
+	rc := &server.RelayConfig{
+		Address: "localhost:0",
+	}
+	turnManager := server.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig, rc)
+	mgmtServer, err := server.NewServer(context.Background(), config, accountManager, peersUpdateManager, turnManager, nil, nil)
 	if err != nil {
 		return nil, "", err
 	}
--- a/client/ssh/server.go
+++ b/client/ssh/server.go
@@ -118,9 +118,9 @@ func (srv *DefaultServer) publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) b

 func prepareUserEnv(user *user.User, shell string) []string {
 	return []string{
-		fmt.Sprint("SHELL=" + shell),
-		fmt.Sprint("USER=" + user.Username),
-		fmt.Sprint("HOME=" + user.HomeDir),
+		fmt.Sprintf("SHELL=" + shell),
+		fmt.Sprintf("USER=" + user.Username),
+		fmt.Sprintf("HOME=" + user.HomeDir),
 	}
 }

--- a/client/testdata/management.json
+++ b/client/testdata/management.json
@@ -20,13 +20,6 @@
    "Secret": "c29tZV9wYXNzd29yZA==",
    "TimeBasedCredentials": true
  },
-  "Relay": {
-    "Addresses": [
-      "localhost:0"
-    ],
-    "CredentialsTTL": "1h",
-    "Secret": "b29tZV9wYXNzd29yZA=="
-  },
  "Signal": {
    "Proto": "http",
    "URI": "signal.wiretrustee.com:10000",
@@ -41,4 +34,4 @@
    "AuthAudience": "<PASTE YOUR AUTH0 AUDIENCE HERE>",
    "AuthKeysLocation": "<PASTE YOUR AUTH0 PUBLIC JWT KEYS LOCATION HERE>"
  }
-}
+}
--- a/client/ui/bundled.go
+++ b/client/ui/bundled.go
--- a/client/ui/client_ui.go
+++ b/client/ui/client_ui.go
@@ -22,8 +22,8 @@ import (
 	"fyne.io/fyne/v2/app"
 	"fyne.io/fyne/v2/dialog"
 	"fyne.io/fyne/v2/widget"
-	"fyne.io/systray"
 	"github.com/cenkalti/backoff/v4"
+	"github.com/getlantern/systray"
 	log "github.com/sirupsen/logrus"
 	"github.com/skratchdot/open-golang/open"
 	"golang.zx2c4.com/wireguard/wgctrl/wgtypes"
--- a/client/ui/netbird-systemtray-disconnected.png
+++ b/client/ui/netbird-systemtray-disconnected.png
--- a/client/ui/netbird-systemtray-update-disconnected.png
+++ b/client/ui/netbird-systemtray-update-disconnected.png
--- a/encryption/route53.go
+++ b/encryption/route53.go
@@ -3,9 +3,7 @@ package encryption
 import (
 	"context"
 	"crypto/tls"
-	"fmt"
 	"os"
-	"strings"

 	"github.com/caddyserver/certmagic"
 	"github.com/libdns/route53"
@@ -25,21 +23,12 @@ type Route53TLS struct {
 }

 func (r *Route53TLS) GetCertificate() (*tls.Config, error) {
-	if len(r.Domains) == 0 {
-		return nil, fmt.Errorf("no domains provided")
-	}
-
 	certmagic.Default.Logger = logger()
 	certmagic.Default.Storage = &certmagic.FileStorage{Path: r.DataDir}
 	certmagic.DefaultACME.Agreed = true
-	if r.Email != "" {
-		certmagic.DefaultACME.Email = r.Email
-	} else {
-		certmagic.DefaultACME.Email = emailFromDomain(r.Domains[0])
-	}
-
+	certmagic.DefaultACME.Email = r.Email
 	if r.CA == "" {
-		certmagic.DefaultACME.CA = certmagic.LetsEncryptProductionCA
+		certmagic.DefaultACME.CA = certmagic.LetsEncryptStagingCA
 	} else {
 		certmagic.DefaultACME.CA = r.CA
 	}
@@ -63,21 +52,6 @@ func (r *Route53TLS) GetCertificate() (*tls.Config, error) {
 	return tlsConfig, nil
 }

-func emailFromDomain(domain string) string {
-	if domain == "" {
-		return ""
-	}
-
-	parts := strings.Split(domain, ".")
-	if len(parts) < 2 {
-		return ""
-	}
-	if parts[0] == "" {
-		return ""
-	}
-	return fmt.Sprintf("admin@%s.%s", parts[len(parts)-2], parts[len(parts)-1])
-}
-
 func logger() *zap.Logger {
 	return zap.New(zapcore.NewCore(
 		zapcore.NewConsoleEncoder(zap.NewProductionEncoderConfig()),
--- a/encryption/route53_test.go
+++ b/encryption/route53_test.go
@@ -60,25 +60,3 @@ func TestRoute53TLSConfig(t *testing.T) {
 		t.Errorf("Unexpected response: %s", body)
 	}
 }
-
-func Test_emailFromDomain(t *testing.T) {
-	tests := []struct {
-		input string
-		want  string
-	}{
-		{"example.com", "admin@example.com"},
-		{"x.example.com", "admin@example.com"},
-		{"x.x.example.com", "admin@example.com"},
-		{"*.example.com", "admin@example.com"},
-		{"example", ""},
-		{"", ""},
-		{".com", ""},
-	}
-	for _, tt := range tests {
-		t.Run("domain test", func(t *testing.T) {
-			if got := emailFromDomain(tt.input); got != tt.want {
-				t.Errorf("emailFromDomain() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}
--- a/go.mod
+++ b/go.mod
@@ -10,7 +10,7 @@ require (
 	github.com/golang/protobuf v1.5.4
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/mux v1.8.0
-	github.com/kardianos/service v1.2.3-0.20240613133416-becf2eb62b83
+	github.com/kardianos/service v1.2.1-0.20210728001519-a323c3813bc7
 	github.com/onsi/ginkgo v1.16.5
 	github.com/onsi/gomega v1.27.6
 	github.com/pion/ice/v3 v3.0.2
@@ -30,8 +30,7 @@ require (
 )

 require (
-	fyne.io/fyne/v2 v2.5.0
-	fyne.io/systray v1.11.0
+	fyne.io/fyne/v2 v2.1.4
 	github.com/TheJumpCloud/jcapi-go v3.0.0+incompatible
 	github.com/c-robinson/iplib v1.0.3
 	github.com/caddyserver/certmagic v0.21.3
@@ -40,6 +39,7 @@ require (
 	github.com/creack/pty v1.1.18
 	github.com/eko/gocache/v3 v3.1.1
 	github.com/fsnotify/fsnotify v1.7.0
+	github.com/getlantern/systray v1.2.1
 	github.com/gliderlabs/ssh v0.3.4
 	github.com/godbus/dbus/v5 v5.1.0
 	github.com/golang/mock v1.6.0
@@ -60,7 +60,6 @@ require (
 	github.com/mitchellh/hashstructure/v2 v2.0.2
 	github.com/nadoo/ipset v0.5.0
 	github.com/netbirdio/management-integrations/integrations v0.0.0-20240703085513-32605f7ffd8e
-	github.com/netbirdio/signal-dispatcher/dispatcher v0.0.0-20240820130728-bc0683599080
 	github.com/okta/okta-sdk-golang/v2 v2.18.0
 	github.com/oschwald/maxminddb-golang v1.12.0
 	github.com/patrickmn/go-cache v2.1.0+incompatible
@@ -88,7 +87,7 @@ require (
 	go.uber.org/zap v1.27.0
 	goauthentik.io/api/v3 v3.2023051.3
 	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842
-	golang.org/x/mobile v0.0.0-20231127183840-76ac6878050a
+	golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028
 	golang.org/x/net v0.26.0
 	golang.org/x/oauth2 v0.19.0
 	golang.org/x/sync v0.7.0
@@ -107,7 +106,7 @@ require (
 	cloud.google.com/go/compute/metadata v0.3.0 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
-	github.com/BurntSushi/toml v1.4.0 // indirect
+	github.com/BurntSushi/toml v1.3.2 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/Microsoft/hcsshim v0.12.3 // indirect
 	github.com/XiaoMi/pegasus-go-client v0.0.0-20210427083443-f3b6b08bc4c2 // indirect
@@ -137,29 +136,31 @@ require (
 	github.com/dgraph-io/ristretto v0.1.1 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/distribution/reference v0.6.0 // indirect
-	github.com/docker/docker v26.1.5+incompatible // indirect
+	github.com/docker/docker v26.1.4+incompatible // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/fredbi/uri v1.1.0 // indirect
-	github.com/fyne-io/gl-js v0.0.0-20220119005834-d2da28d9ccfe // indirect
-	github.com/fyne-io/glfw-js v0.0.0-20240101223322-6e1efdc71b7a // indirect
-	github.com/fyne-io/image v0.0.0-20220602074514-4956b0afb3d2 // indirect
-	github.com/go-gl/gl v0.0.0-20211210172815-726fda9656d6 // indirect
-	github.com/go-gl/glfw/v3.3/glfw v0.0.0-20240506104042-037f3cc74f2a // indirect
+	github.com/fredbi/uri v0.0.0-20181227131451-3dcfdacbaaf3 // indirect
+	github.com/getlantern/context v0.0.0-20190109183933-c447772a6520 // indirect
+	github.com/getlantern/errors v0.0.0-20190325191628-abdb3e3e36f7 // indirect
+	github.com/getlantern/golog v0.0.0-20190830074920-4ef2e798c2d7 // indirect
+	github.com/getlantern/hex v0.0.0-20190417191902-c6586a6fe0b7 // indirect
+	github.com/getlantern/hidden v0.0.0-20190325191715-f02dbb02be55 // indirect
+	github.com/getlantern/ops v0.0.0-20190325191751-d70cb0d6f85f // indirect
+	github.com/go-gl/gl v0.0.0-20210813123233-e4099ee2221f // indirect
+	github.com/go-gl/glfw/v3.3/glfw v0.0.0-20211024062804-40e447a793be // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.3.0 // indirect
 	github.com/go-redis/redis/v8 v8.11.5 // indirect
-	github.com/go-text/render v0.1.0 // indirect
-	github.com/go-text/typesetting v0.1.0 // indirect
+	github.com/go-stack/stack v1.8.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/goki/freetype v0.0.0-20181231101311-fa8a33aabaff // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/btree v1.0.1 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.3 // indirect
-	github.com/gopherjs/gopherjs v1.17.2 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
@@ -167,12 +168,10 @@ require (
 	github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
 	github.com/jackc/pgx/v5 v5.5.5 // indirect
 	github.com/jackc/puddle/v2 v2.2.1 // indirect
-	github.com/jeandeaual/go-locale v0.0.0-20240223122105-ce5225dcaa49 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/native v1.1.0 // indirect
-	github.com/jsummers/gobmp v0.0.0-20151104160322-e2ba15ffa76e // indirect
 	github.com/kelseyhightower/envconfig v1.4.0 // indirect
 	github.com/klauspost/compress v1.17.8 // indirect
 	github.com/klauspost/cpuid/v2 v2.2.7 // indirect
@@ -187,11 +186,11 @@ require (
 	github.com/moby/sys/user v0.1.0 // indirect
 	github.com/moby/term v0.5.0 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
-	github.com/nicksnyder/go-i18n/v2 v2.4.0 // indirect
 	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/onsi/ginkgo/v2 v2.9.5 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
+	github.com/oxtoacart/bpool v0.0.0-20190530202638-03653db5a59c // indirect
 	github.com/pegasus-kv/thrift v0.13.0 // indirect
 	github.com/pion/dtls/v2 v2.2.10 // indirect
 	github.com/pion/mdns v0.0.12 // indirect
@@ -202,15 +201,14 @@ require (
 	github.com/prometheus/client_model v0.6.1 // indirect
 	github.com/prometheus/common v0.53.0 // indirect
 	github.com/prometheus/procfs v0.15.0 // indirect
-	github.com/rymdport/portal v0.2.2 // indirect
 	github.com/shoenig/go-m1cpu v0.1.6 // indirect
 	github.com/spf13/cast v1.5.0 // indirect
-	github.com/srwiley/oksvg v0.0.0-20221011165216-be6e8873101c // indirect
-	github.com/srwiley/rasterx v0.0.0-20220730225603-2ab79fcdd4ef // indirect
+	github.com/srwiley/oksvg v0.0.0-20200311192757-870daf9aa564 // indirect
+	github.com/srwiley/rasterx v0.0.0-20200120212402-85cb7272f5e9 // indirect
 	github.com/tklauser/go-sysconf v0.3.14 // indirect
 	github.com/tklauser/numcpus v0.8.0 // indirect
 	github.com/vishvananda/netns v0.0.4 // indirect
-	github.com/yuin/goldmark v1.7.1 // indirect
+	github.com/yuin/goldmark v1.4.13 // indirect
 	github.com/zeebo/blake3 v0.2.3 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect
@@ -232,7 +230,7 @@ require (
 	k8s.io/apimachinery v0.26.2 // indirect
 )

-replace github.com/kardianos/service => github.com/netbirdio/service v0.0.0-20240904111318-17777758453a
+replace github.com/kardianos/service => github.com/netbirdio/service v0.0.0-20230215170314-b923b89432b0

 replace github.com/getlantern/systray => github.com/netbirdio/systray v0.0.0-20231030152038-ef1ed2a27949

--- a/go.sum
+++ b/go.sum
--- a/iface/iface.go
+++ b/iface/iface.go
@@ -124,23 +124,7 @@ func (w *WGIface) RemoveAllowedIP(peerKey string, allowedIP string) error {
 func (w *WGIface) Close() error {
 	w.mu.Lock()
 	defer w.mu.Unlock()
-
-	err := w.tun.Close()
-	if err != nil {
-		return fmt.Errorf("failed to close wireguard interface %s: %w", w.Name(), err)
-	}
-
-	err = w.waitUntilRemoved()
-	if err != nil {
-		log.Warnf("failed to remove WireGuard interface %s: %v", w.Name(), err)
-		err = w.Destroy()
-		if err != nil {
-			return fmt.Errorf("failed to remove WireGuard interface %s: %w", w.Name(), err)
-		}
-		log.Infof("interface %s successfully removed", w.Name())
-	}
-
-	return nil
+	return w.tun.Close()
 }

 // SetFilter sets packet filters for the userspace implementation
@@ -179,30 +163,3 @@ func (w *WGIface) GetDevice() *DeviceWrapper {
 func (w *WGIface) GetStats(peerKey string) (WGStats, error) {
 	return w.configurer.getStats(peerKey)
 }
-
-func (w *WGIface) waitUntilRemoved() error {
-	maxWaitTime := 5 * time.Second
-	timeout := time.NewTimer(maxWaitTime)
-	defer timeout.Stop()
-
-	for {
-		iface, err := net.InterfaceByName(w.Name())
-		if err != nil {
-			if _, ok := err.(*net.OpError); ok {
-				log.Infof("interface %s has been removed", w.Name())
-				return nil
-			}
-			log.Debugf("failed to get interface by name %s: %v", w.Name(), err)
-		} else if iface == nil {
-			log.Infof("interface %s has been removed", w.Name())
-			return nil
-		}
-
-		select {
-		case <-timeout.C:
-			return fmt.Errorf("timeout when waiting for interface %s to be removed", w.Name())
-		default:
-			time.Sleep(100 * time.Millisecond)
-		}
-	}
-}
--- a/iface/iface_create.go
+++ b/iface/iface_create.go
@@ -1,4 +1,4 @@
-//go:build (!android && !darwin) || ios
+//go:build !android

 package iface

--- a/iface/iface_darwin.go
+++ b/iface/iface_darwin.go
@@ -4,9 +4,7 @@ package iface

 import (
 	"fmt"
-	"time"

-	"github.com/cenkalti/backoff/v4"
 	"github.com/pion/transport/v3"

 	"github.com/netbirdio/netbird/iface/bind"
@@ -38,29 +36,3 @@ func NewWGIFace(iFaceName string, address string, wgPort int, wgPrivKey string,
 func (w *WGIface) CreateOnAndroid([]string, string, []string) error {
 	return fmt.Errorf("this function has not implemented on this platform")
 }
-
-// Create creates a new Wireguard interface, sets a given IP and brings it up.
-// Will reuse an existing one.
-// this function is different on Android
-func (w *WGIface) Create() error {
-	w.mu.Lock()
-	defer w.mu.Unlock()
-
-	backOff := &backoff.ExponentialBackOff{
-		InitialInterval: 20 * time.Millisecond,
-		MaxElapsedTime:  500 * time.Millisecond,
-		Stop:            backoff.Stop,
-		Clock:           backoff.SystemClock,
-	}
-
-	operation := func() error {
-		cfgr, err := w.tun.Create()
-		if err != nil {
-			return err
-		}
-		w.configurer = cfgr
-		return nil
-	}
-
-	return backoff.Retry(operation, backOff)
-}
--- a/iface/iface_destroy_bsd.go
+++ b/iface/iface_destroy_bsd.go
@@ -1,17 +0,0 @@
-//go:build darwin || dragonfly || freebsd || netbsd || openbsd
-
-package iface
-
-import (
-	"fmt"
-	"os/exec"
-)
-
-func (w *WGIface) Destroy() error {
-	out, err := exec.Command("ifconfig", w.Name(), "destroy").CombinedOutput()
-	if err != nil {
-		return fmt.Errorf("failed to remove interface %s: %w - %s", w.Name(), err, out)
-	}
-
-	return nil
-}
--- a/iface/iface_destroy_linux.go
+++ b/iface/iface_destroy_linux.go
@@ -1,22 +0,0 @@
-//go:build linux && !android
-
-package iface
-
-import (
-	"fmt"
-
-	"github.com/vishvananda/netlink"
-)
-
-func (w *WGIface) Destroy() error {
-	link, err := netlink.LinkByName(w.Name())
-	if err != nil {
-		return fmt.Errorf("failed to get link by name %s: %w", w.Name(), err)
-	}
-
-	if err := netlink.LinkDel(link); err != nil {
-		return fmt.Errorf("failed to delete link %s: %w", w.Name(), err)
-	}
-
-	return nil
-}
--- a/iface/iface_destroy_mobile.go
+++ b/iface/iface_destroy_mobile.go
@@ -1,9 +0,0 @@
-//go:build android || (ios && !darwin)
-
-package iface
-
-import "errors"
-
-func (w *WGIface) Destroy() error {
-	return errors.New("not supported on mobile")
-}
--- a/iface/iface_destroy_windows.go
+++ b/iface/iface_destroy_windows.go
@@ -1,32 +0,0 @@
-//go:build windows
-
-package iface
-
-import (
-	"fmt"
-	"os/exec"
-
-	log "github.com/sirupsen/logrus"
-)
-
-func (w *WGIface) Destroy() error {
-	netshCmd := GetSystem32Command("netsh")
-	out, err := exec.Command(netshCmd, "interface", "set", "interface", w.Name(), "admin=disable").CombinedOutput()
-	if err != nil {
-		return fmt.Errorf("failed to remove interface %s: %w - %s", w.Name(), err, out)
-	}
-	return nil
-}
-
-// GetSystem32Command checks if a command can be found in the system path and returns it. In case it can't find it
-// in the path it will return the full path of a command assuming C:\windows\system32 as the base path.
-func GetSystem32Command(command string) string {
-	_, err := exec.LookPath(command)
-	if err == nil {
-		return command
-	}
-
-	log.Tracef("Command %s not found in PATH, using C:\\windows\\system32\\%s.exe path", command, command)
-
-	return "C:\\windows\\system32\\" + command + ".exe"
-}
--- a/iface/iface_test.go
+++ b/iface/iface_test.go
@@ -4,11 +4,9 @@ import (
 	"fmt"
 	"net"
 	"net/netip"
-	"strings"
 	"testing"
 	"time"

-	"github.com/google/uuid"
 	"github.com/pion/transport/v3/stdnet"
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
@@ -176,72 +174,6 @@ func Test_Close(t *testing.T) {
 	}
 }

-func TestRecreation(t *testing.T) {
-	for i := 0; i < 100; i++ {
-		t.Run(fmt.Sprintf("down-%d", i), func(t *testing.T) {
-			ifaceName := fmt.Sprintf("utun%d", WgIntNumber+2)
-			wgIP := "10.99.99.2/32"
-			wgPort := 33100
-			newNet, err := stdnet.NewNet()
-			if err != nil {
-				t.Fatal(err)
-			}
-
-			iface, err := NewWGIFace(ifaceName, wgIP, wgPort, key, DefaultMTU, newNet, nil, nil)
-			if err != nil {
-				t.Fatal(err)
-			}
-
-			for {
-				_, err = net.InterfaceByName(ifaceName)
-				if err != nil {
-					t.Logf("interface %s not found: err: %s", ifaceName, err)
-					break
-				}
-				t.Logf("interface %s found", ifaceName)
-			}
-
-			err = iface.Create()
-			if err != nil {
-				t.Fatal(err)
-			}
-			wg, err := wgctrl.New()
-			if err != nil {
-				t.Fatal(err)
-			}
-			defer func() {
-				err = wg.Close()
-				if err != nil {
-					t.Error(err)
-				}
-			}()
-
-			_, err = iface.Up()
-			if err != nil {
-				t.Fatal(err)
-			}
-
-			for {
-				_, err = net.InterfaceByName(ifaceName)
-				if err == nil {
-					t.Logf("interface %s found", ifaceName)
-
-					break
-				}
-				t.Logf("interface %s not found: err: %s", ifaceName, err)
-
-			}
-
-			start := time.Now()
-			err = iface.Close()
-			t.Logf("down time: %s", time.Since(start))
-			if err != nil {
-				t.Fatal(err)
-			}
-		})
-	}
-}
-
 func Test_ConfigureInterface(t *testing.T) {
 	ifaceName := fmt.Sprintf("utun%d", WgIntNumber+3)
 	wgIP := "10.99.99.5/30"
@@ -413,9 +345,6 @@ func Test_ConnectPeers(t *testing.T) {
 		t.Fatal(err)
 	}

-	guid := fmt.Sprintf("{%s}", uuid.New().String())
-	CustomWindowsGUIDString = strings.ToLower(guid)
-
 	iface1, err := NewWGIFace(peer1ifaceName, peer1wgIP, peer1wgPort, peer1Key.String(), DefaultMTU, newNet, nil, nil)
 	if err != nil {
 		t.Fatal(err)
@@ -435,9 +364,6 @@ func Test_ConnectPeers(t *testing.T) {
 		t.Fatal(err)
 	}

-	guid = fmt.Sprintf("{%s}", uuid.New().String())
-	CustomWindowsGUIDString = strings.ToLower(guid)
-
 	newNet, err = stdnet.NewNet()
 	if err != nil {
 		t.Fatal(err)
--- a/iface/tun.go
+++ b/iface/tun.go
@@ -7,9 +7,6 @@ import (
 	"github.com/netbirdio/netbird/iface/bind"
 )

-// CustomWindowsGUIDString is a custom GUID string for the interface
-var CustomWindowsGUIDString string
-
 type wgTunDevice interface {
 	Create() (wgConfigurer, error)
 	Up() (*bind.UniversalUDPMuxDefault, error)
--- a/iface/tun_darwin.go
+++ b/iface/tun_darwin.go
@@ -3,7 +3,6 @@
 package iface

 import (
-	"fmt"
 	"os/exec"

 	"github.com/pion/transport/v3"
@@ -42,7 +41,7 @@ func newTunDevice(name string, address WGAddress, port int, key string, mtu int,
 func (t *tunDevice) Create() (wgConfigurer, error) {
 	tunDevice, err := tun.CreateTUN(t.name, t.mtu)
 	if err != nil {
-		return nil, fmt.Errorf("error creating tun device: %s", err)
+		return nil, err
 	}
 	t.wrapper = newDeviceWrapper(tunDevice)

@@ -56,7 +55,7 @@ func (t *tunDevice) Create() (wgConfigurer, error) {
 	err = t.assignAddr()
 	if err != nil {
 		t.device.Close()
-		return nil, fmt.Errorf("error assigning ip: %s", err)
+		return nil, err
 	}

 	t.configurer = newWGUSPConfigurer(t.device, t.name)
@@ -64,7 +63,7 @@ func (t *tunDevice) Create() (wgConfigurer, error) {
 	if err != nil {
 		t.device.Close()
 		t.configurer.close()
-		return nil, fmt.Errorf("error configuring interface: %s", err)
+		return nil, err
 	}
 	return t.configurer, nil
 }
--- a/iface/tun_kernel_unix.go
+++ b/iface/tun_kernel_unix.go
@@ -70,7 +70,7 @@ func (t *tunKernelDevice) Create() (wgConfigurer, error) {
 	configurer := newWGConfigurer(t.name)

 	if err := configurer.configureInterface(t.key, t.wgPort); err != nil {
-		return nil, fmt.Errorf("error configuring interface: %s", err)
+		return nil, err
 	}

 	return configurer, nil
--- a/iface/tun_netstack.go
+++ b/iface/tun_netstack.go
@@ -47,7 +47,7 @@ func (t *tunNetstackDevice) Create() (wgConfigurer, error) {
 	t.nsTun = netstack.NewNetStackTun(t.listenAddress, t.address.IP.String(), t.mtu)
 	tunIface, err := t.nsTun.Create()
 	if err != nil {
-		return nil, fmt.Errorf("error creating tun device: %s", err)
+		return nil, err
 	}
 	t.wrapper = newDeviceWrapper(tunIface)

@@ -61,7 +61,7 @@ func (t *tunNetstackDevice) Create() (wgConfigurer, error) {
 	err = t.configurer.configureInterface(t.key, t.port)
 	if err != nil {
 		_ = tunIface.Close()
-		return nil, fmt.Errorf("error configuring interface: %s", err)
+		return nil, err
 	}

 	log.Debugf("device has been created: %s", t.name)
--- a/iface/tun_usp_unix.go
+++ b/iface/tun_usp_unix.go
@@ -48,8 +48,8 @@ func (t *tunUSPDevice) Create() (wgConfigurer, error) {
 	log.Info("create tun interface")
 	tunIface, err := tun.CreateTUN(t.name, t.mtu)
 	if err != nil {
-		log.Debugf("failed to create tun interface (%s, %d): %s", t.name, t.mtu, err)
-		return nil, fmt.Errorf("error creating tun device: %s", err)
+		log.Debugf("failed to create tun unterface (%s, %d): %s", t.name, t.mtu, err)
+		return nil, err
 	}
 	t.wrapper = newDeviceWrapper(tunIface)

@@ -63,7 +63,7 @@ func (t *tunUSPDevice) Create() (wgConfigurer, error) {
 	err = t.assignAddr()
 	if err != nil {
 		t.device.Close()
-		return nil, fmt.Errorf("error assigning ip: %s", err)
+		return nil, err
 	}

 	t.configurer = newWGUSPConfigurer(t.device, t.name)
@@ -71,7 +71,7 @@ func (t *tunUSPDevice) Create() (wgConfigurer, error) {
 	if err != nil {
 		t.device.Close()
 		t.configurer.close()
-		return nil, fmt.Errorf("error configuring interface: %s", err)
+		return nil, err
 	}
 	return t.configurer, nil
 }
--- a/iface/tun_windows.go
+++ b/iface/tun_windows.go
@@ -14,8 +14,6 @@ import (
 	"github.com/netbirdio/netbird/iface/bind"
 )

-const defaultWindowsGUIDSTring = "{f2f29e61-d91f-4d76-8151-119b20c4bdeb}"
-
 type tunDevice struct {
 	name    string
 	address WGAddress
@@ -42,24 +40,11 @@ func newTunDevice(name string, address WGAddress, port int, key string, mtu int,
 	}
 }

-func getGUID() (windows.GUID, error) {
-	guidString := defaultWindowsGUIDSTring
-	if CustomWindowsGUIDString != "" {
-		guidString = CustomWindowsGUIDString
-	}
-	return windows.GUIDFromString(guidString)
-}
-
 func (t *tunDevice) Create() (wgConfigurer, error) {
-	guid, err := getGUID()
-	if err != nil {
-		log.Errorf("failed to get GUID: %s", err)
-		return nil, err
-	}
 	log.Info("create tun interface")
-	tunDevice, err := tun.CreateTUNWithRequestedGUID(t.name, &guid, t.mtu)
+	tunDevice, err := tun.CreateTUN(t.name, t.mtu)
 	if err != nil {
-		return nil, fmt.Errorf("error creating tun device: %s", err)
+		return nil, err
 	}
 	t.nativeTunDevice = tunDevice.(*tun.NativeTun)
 	t.wrapper = newDeviceWrapper(tunDevice)
@@ -89,7 +74,7 @@ func (t *tunDevice) Create() (wgConfigurer, error) {
 	err = t.assignAddr()
 	if err != nil {
 		t.device.Close()
-		return nil, fmt.Errorf("error assigning ip: %s", err)
+		return nil, err
 	}

 	t.configurer = newWGUSPConfigurer(t.device, t.name)
@@ -97,7 +82,7 @@ func (t *tunDevice) Create() (wgConfigurer, error) {
 	if err != nil {
 		t.device.Close()
 		t.configurer.close()
-		return nil, fmt.Errorf("error configuring interface: %s", err)
+		return nil, err
 	}
 	return t.configurer, nil
 }
--- a/infrastructure_files/base.setup.env
+++ b/infrastructure_files/base.setup.env
@@ -20,12 +20,6 @@ NETBIRD_MGMT_IDP_SIGNKEY_REFRESH=${NETBIRD_MGMT_IDP_SIGNKEY_REFRESH:-false}
 NETBIRD_SIGNAL_PROTOCOL="http"
 NETBIRD_SIGNAL_PORT=${NETBIRD_SIGNAL_PORT:-10000}

-# Relay
-NETBIRD_RELAY_DOMAIN=${NETBIRD_RELAY_DOMAIN:-$NETBIRD_DOMAIN}
-NETBIRD_RELAY_PORT=${NETBIRD_RELAY_PORT:-33080}
-# Relay auth secret
-NETBIRD_RELAY_AUTH_SECRET=
-
 # Turn
 TURN_DOMAIN=${NETBIRD_TURN_DOMAIN:-$NETBIRD_DOMAIN}

@@ -75,7 +69,7 @@ NETBIRD_DASHBOARD_TAG=${NETBIRD_DASHBOARD_TAG:-"latest"}
 NETBIRD_SIGNAL_TAG=${NETBIRD_SIGNAL_TAG:-"latest"}
 NETBIRD_MANAGEMENT_TAG=${NETBIRD_MANAGEMENT_TAG:-"latest"}
 COTURN_TAG=${COTURN_TAG:-"latest"}
-NETBIRD_RELAY_TAG=${NETBIRD_RELAY_TAG:-"latest"}
+

 # exports
 export NETBIRD_DOMAIN
@@ -129,7 +123,3 @@ export NETBIRD_SIGNAL_TAG
 export NETBIRD_MANAGEMENT_TAG
 export COTURN_TAG
 export NETBIRD_TURN_EXTERNAL_IP
-export NETBIRD_RELAY_DOMAIN
-export NETBIRD_RELAY_PORT
-export NETBIRD_RELAY_AUTH_SECRET
-export NETBIRD_RELAY_TAG
--- a/infrastructure_files/configure.sh
+++ b/infrastructure_files/configure.sh
@@ -41,18 +41,6 @@ if [[ "x-$NETBIRD_DOMAIN" == "x-" ]]; then
  exit 1
 fi

-# Check if PostgreSQL is set as the store engine
-if [[ "$NETBIRD_STORE_CONFIG_ENGINE" == "postgres" ]]; then
-  # Exit if 'NETBIRD_STORE_ENGINE_POSTGRES_DSN' is not set
-  if [[ -z "$NETBIRD_STORE_ENGINE_POSTGRES_DSN" ]]; then
-    echo "Warning: NETBIRD_STORE_CONFIG_ENGINE=postgres but NETBIRD_STORE_ENGINE_POSTGRES_DSN is not set."
-    echo "Please add the following line to your setup.env file:"
-    echo 'NETBIRD_STORE_ENGINE_POSTGRES_DSN="host=<PG_HOST> user=<PG_USER> password=<PG_PASSWORD> dbname=<PG_DB_NAME> port=<PG_PORT>"'
-    exit 1
-  fi
-  export NETBIRD_STORE_ENGINE_POSTGRES_DSN
-fi
-
 # local development or tests
 if [[ $NETBIRD_DOMAIN == "localhost" || $NETBIRD_DOMAIN == "127.0.0.1" ]]; then
  export NETBIRD_MGMT_SINGLE_ACCOUNT_MODE_DOMAIN="netbird.selfhosted"
@@ -89,11 +77,6 @@ fi

 export TURN_EXTERNAL_IP_CONFIG

-# if not provided, we generate a relay auth secret
-if [[ "x-$NETBIRD_RELAY_AUTH_SECRET" == "x-" ]]; then
-  export NETBIRD_RELAY_AUTH_SECRET=$(openssl rand -base64 32 | sed 's/=//g')
-fi
-
 artifacts_path="./artifacts"
 mkdir -p $artifacts_path

--- a/infrastructure_files/docker-compose.yml.tmpl
+++ b/infrastructure_files/docker-compose.yml.tmpl
@@ -49,23 +49,6 @@ services:
      options:
        max-size: "500m"
        max-file: "2"
-  # Relay
-  relay:
-    image: netbirdio/relay:$NETBIRD_RELAY_TAG
-    restart: unless-stopped
-    environment:
-    - NB_LOG_LEVEL=info
-    - NB_LISTEN_ADDRESS=:$NETBIRD_RELAY_PORT
-    - NB_EXPOSED_ADDRESS=$NETBIRD_RELAY_DOMAIN:$NETBIRD_RELAY_PORT
-    # todo: change to a secure secret
-    - NB_AUTH_SECRET=$NETBIRD_RELAY_AUTH_SECRET
-    ports:
-      - $NETBIRD_RELAY_PORT:$NETBIRD_RELAY_PORT
-    logging:
-      driver: "json-file"
-      options:
-        max-size: "500m"
-        max-file: "2"

  # Management
  management:
@@ -94,9 +77,6 @@ services:
      options:
        max-size: "500m"
        max-file: "2"
-    environment:
-      - NETBIRD_STORE_ENGINE_POSTGRES_DSN=$NETBIRD_STORE_ENGINE_POSTGRES_DSN
-      
  # Coturn
  coturn:
    image: coturn/coturn:$COTURN_TAG
--- a/infrastructure_files/docker-compose.yml.tmpl.traefik
+++ b/infrastructure_files/docker-compose.yml.tmpl.traefik
@@ -81,9 +81,7 @@ services:
    - traefik.http.routers.netbird-management.service=netbird-management
    - traefik.http.services.netbird-management.loadbalancer.server.port=443
    - traefik.http.services.netbird-management.loadbalancer.server.scheme=h2c
-    environment:
-      - NETBIRD_STORE_ENGINE_POSTGRES_DSN=$NETBIRD_STORE_ENGINE_POSTGRES_DSN
-      
+
  # Coturn
  coturn:
    image: coturn/coturn:$COTURN_TAG
--- a/infrastructure_files/download-geolite2.sh
+++ b/infrastructure_files/download-geolite2.sh
@@ -0,0 +1,109 @@
+#!/bin/bash
+
+# to install sha256sum on mac: brew install coreutils
+if ! command -v sha256sum &> /dev/null
+then
+    echo "sha256sum is not installed or not in PATH, please install with your package manager. e.g. sudo apt install sha256sum" > /dev/stderr
+    exit 1
+fi
+
+if ! command -v sqlite3 &> /dev/null
+then
+    echo "sqlite3 is not installed or not in PATH, please install with your package manager. e.g. sudo apt install sqlite3" > /dev/stderr
+    exit 1
+fi
+
+if ! command -v unzip &> /dev/null
+then
+    echo "unzip is not installed or not in PATH, please install with your package manager. e.g. sudo apt install unzip" > /dev/stderr
+    exit 1
+fi
+
+download_geolite_mmdb() {
+  DATABASE_URL="https://pkgs.netbird.io/geolocation-dbs/GeoLite2-City/download?suffix=tar.gz"
+  SIGNATURE_URL="https://pkgs.netbird.io/geolocation-dbs/GeoLite2-City/download?suffix=tar.gz.sha256"
+  # Download the database and signature files
+  echo "Downloading mmdb signature file..."
+  SIGNATURE_FILE=$(curl -s  -L -O -J "$SIGNATURE_URL" -w "%{filename_effective}")
+  echo "Downloading mmdb database file..."
+  DATABASE_FILE=$(curl -s  -L -O -J "$DATABASE_URL" -w "%{filename_effective}")
+
+  # Verify the signature
+  echo "Verifying signature..."
+  if sha256sum -c --status "$SIGNATURE_FILE"; then
+      echo "Signature is valid."
+  else
+      echo "Signature is invalid. Aborting."
+      exit 1
+  fi
+
+  # Unpack the database file
+  EXTRACTION_DIR=$(basename "$DATABASE_FILE" .tar.gz)
+  echo "Unpacking $DATABASE_FILE..."
+  mkdir -p "$EXTRACTION_DIR"
+  tar -xzvf "$DATABASE_FILE" > /dev/null 2>&1
+
+  MMDB_FILE="GeoLite2-City.mmdb"
+  cp "$EXTRACTION_DIR"/"$MMDB_FILE" $MMDB_FILE
+
+  # Remove downloaded files
+  rm -r "$EXTRACTION_DIR"
+  rm "$DATABASE_FILE" "$SIGNATURE_FILE"
+
+  # Done. Print next steps
+  echo ""
+  echo "Process completed successfully."
+  echo "Now you can place $MMDB_FILE to 'datadir' of management service."
+  echo -e "Example:\n\tdocker compose cp $MMDB_FILE management:/var/lib/netbird/"
+}
+
+
+download_geolite_csv_and_create_sqlite_db() {
+  DATABASE_URL="https://pkgs.netbird.io/geolocation-dbs/GeoLite2-City-CSV/download?suffix=zip"
+  SIGNATURE_URL="https://pkgs.netbird.io/geolocation-dbs/GeoLite2-City-CSV/download?suffix=zip.sha256"
+
+
+  # Download the database file
+  echo "Downloading csv signature file..."
+  SIGNATURE_FILE=$(curl -s  -L -O -J "$SIGNATURE_URL" -w "%{filename_effective}")
+  echo "Downloading csv database file..."
+  DATABASE_FILE=$(curl -s  -L -O -J "$DATABASE_URL" -w "%{filename_effective}")
+
+  # Verify the signature
+  echo "Verifying signature..."
+  if sha256sum -c --status "$SIGNATURE_FILE"; then
+      echo "Signature is valid."
+  else
+      echo "Signature is invalid. Aborting."
+      exit 1
+  fi
+
+  # Unpack the database file
+  EXTRACTION_DIR=$(basename "$DATABASE_FILE" .zip)
+  DB_NAME="geonames.db"
+
+  echo "Unpacking $DATABASE_FILE..."
+  unzip "$DATABASE_FILE" > /dev/null 2>&1
+
+# Create SQLite database and import data from CSV
+sqlite3 "$DB_NAME" <<EOF
+.mode csv
+.import "$EXTRACTION_DIR/GeoLite2-City-Locations-en.csv" geonames
+EOF
+
+
+  # Remove downloaded and extracted files
+  rm -r -r "$EXTRACTION_DIR"
+  rm  "$DATABASE_FILE" "$SIGNATURE_FILE"
+  echo ""
+  echo "SQLite database '$DB_NAME' created successfully."
+  echo "Now you can place $DB_NAME to 'datadir' of management service."
+  echo -e "Example:\n\tdocker compose cp $DB_NAME management:/var/lib/netbird/"
+}
+
+download_geolite_mmdb
+echo -e "\n\n"
+download_geolite_csv_and_create_sqlite_db
+echo -e "\n\n"
+echo "After copying the database files to the management service. You can restart the management service with:"
+echo -e "Example:\n\tdocker compose restart management"
--- a/infrastructure_files/getting-started-with-zitadel.sh
+++ b/infrastructure_files/getting-started-with-zitadel.sh
@@ -103,25 +103,13 @@ wait_api() {
    INSTANCE_URL=$1
    PAT=$2
    set +e
-    counter=1
    while true; do
-      FLAGS="-s"
-      if [[ $counter -eq 45 ]]; then
-        FLAGS="-v"
-        echo ""
-      fi
-
-      curl $FLAGS --fail --connect-timeout 1 -o /dev/null "$INSTANCE_URL/auth/v1/users/me" -H "Authorization: Bearer $PAT"
+      curl -s --fail -o /dev/null "$INSTANCE_URL/auth/v1/users/me" -H "Authorization: Bearer $PAT"
      if [[ $? -eq 0 ]]; then
        break
      fi
-      if [[ $counter -eq 45 ]]; then
-        echo ""
-        echo "Unable to connect to Zitadel for more than 45s, please check the output above, your firewall rules and the caddy container logs to confirm if there are any issues provisioning TLS certificates"
-      fi
      echo -n " ."
      sleep 1
-      counter=$((counter + 1))
    done
    echo " done"
    set -e
@@ -436,10 +424,8 @@ initEnvironment() {
  ZITADEL_MASTERKEY="$(openssl rand -base64 32 | head -c 32)"
  NETBIRD_PORT=80
  NETBIRD_HTTP_PROTOCOL="http"
-  NETBIRD_RELAY_PROTO="rel"
  TURN_USER="self"
  TURN_PASSWORD=$(openssl rand -base64 32 | sed 's/=//g')
-  NETBIRD_RELAY_AUTH_SECRET=$(openssl rand -base64 32 | sed 's/=//g')
  TURN_MIN_PORT=49152
  TURN_MAX_PORT=65535
  TURN_EXTERNAL_IP_CONFIG=$(get_turn_external_ip)
@@ -456,7 +442,6 @@ initEnvironment() {
    NETBIRD_PORT=443
    CADDY_SECURE_DOMAIN=", $NETBIRD_DOMAIN:$NETBIRD_PORT"
    NETBIRD_HTTP_PROTOCOL="https"
-    NETBIRD_RELAY_PROTO="rels"
  fi

  if [[ "$OSTYPE" == "darwin"* ]]; then
@@ -473,7 +458,7 @@ initEnvironment() {
    echo "Generated files already exist, if you want to reinitialize the environment, please remove them first."
    echo "You can use the following commands:"
    echo "  $DOCKER_COMPOSE_COMMAND down --volumes # to remove all containers and volumes"
-    echo "  rm -f docker-compose.yml Caddyfile zitadel.env dashboard.env machinekey/zitadel-admin-sa.token turnserver.conf management.json relay.env"
+    echo "  rm -f docker-compose.yml Caddyfile zitadel.env dashboard.env machinekey/zitadel-admin-sa.token turnserver.conf management.json"
    echo "Be aware that this will remove all data from the database, and you will have to reconfigure the dashboard."
    exit 1
  fi
@@ -499,7 +484,6 @@ initEnvironment() {
  echo "" > dashboard.env
  echo "" > turnserver.conf
  echo "" > management.json
-  echo "" > relay.env

  mkdir -p machinekey
  chmod 777 machinekey
@@ -514,7 +498,6 @@ initEnvironment() {
  renderTurnServerConf > turnserver.conf
  renderManagementJson > management.json
  renderDashboardEnv > dashboard.env
-  renderRelayEnv > relay.env

  echo -e "\nStarting NetBird services\n"
  $DOCKER_COMPOSE_COMMAND up -d
@@ -558,7 +541,7 @@ renderCaddyfile() {

        # clickjacking protection
        # https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-frame-options
-        X-Frame-Options "SAMEORIGIN"
+        X-Frame-Options "DENY"

        # xss protection
        # https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Headers_Cheat_Sheet.html#x-xss-protection
@@ -576,8 +559,6 @@ renderCaddyfile() {

 :80${CADDY_SECURE_DOMAIN} {
    import security_headers
-    # relay
-    reverse_proxy /relay* relay:80
    # Signal
    reverse_proxy /signalexchange.SignalExchange/* h2c://signal:10000
    # Management
@@ -648,11 +629,6 @@ renderManagementJson() {
        ],
        "TimeBasedCredentials": false
    },
-    "Relay": {
-        "Addresses": ["$NETBIRD_RELAY_PROTO://$NETBIRD_DOMAIN:$NETBIRD_PORT"],
-        "CredentialsTTL": "24h",
-        "Secret": "$NETBIRD_RELAY_AUTH_SECRET"
-    },
    "Signal": {
        "Proto": "$NETBIRD_HTTP_PROTOCOL",
        "URI": "$NETBIRD_DOMAIN:$NETBIRD_PORT"
@@ -768,15 +744,6 @@ POSTGRES_PASSWORD=$POSTGRES_ROOT_PASSWORD
 EOF
 }

-renderRelayEnv() {
-  cat <<EOF
-NB_LOG_LEVEL=info
-NB_LISTEN_ADDRESS=:80
-NB_EXPOSED_ADDRESS=$NETBIRD_RELAY_PROTO://$NETBIRD_DOMAIN:$NETBIRD_PORT
-NB_AUTH_SECRET=$NETBIRD_RELAY_AUTH_SECRET
-EOF
-}
-
 renderDockerCompose() {
  cat <<EOF
 version: "3.4"
@@ -815,18 +782,6 @@ services:
      options:
        max-size: "500m"
        max-file: "2"
-  # Relay
-  relay:
-    image: netbirdio/relay:latest
-    restart: unless-stopped
-    networks: [netbird]
-    env_file:
-      - ./relay.env
-    logging:
-      driver: "json-file"
-      options:
-        max-size: "500m"
-        max-file: "2"
  # Management
  management:
    image: netbirdio/management:latest
--- a/infrastructure_files/management.json.tmpl
+++ b/infrastructure_files/management.json.tmpl
@@ -20,11 +20,6 @@
        "Secret": "secret",
        "TimeBasedCredentials": false
    },
-    "Relay": {
-        "Addresses": ["rel://$NETBIRD_RELAY_DOMAIN:$NETBIRD_RELAY_PORT"],
-        "CredentialsTTL": "24h",
-        "Secret": "$NETBIRD_RELAY_AUTH_SECRET"
-    },
    "Signal": {
        "Proto": "$NETBIRD_SIGNAL_PROTOCOL",
        "URI": "$NETBIRD_DOMAIN:$NETBIRD_SIGNAL_PORT",
--- a/infrastructure_files/setup.env.example
+++ b/infrastructure_files/setup.env.example
@@ -7,7 +7,6 @@ NETBIRD_DASHBOARD_TAG=""
 NETBIRD_SIGNAL_TAG=""
 NETBIRD_MANAGEMENT_TAG=""
 COTURN_TAG=""
-NETBIRD_RELAY_TAG=""

 # Dashboard domain. e.g. app.mydomain.com
 NETBIRD_DOMAIN=""
@@ -92,14 +91,3 @@ NETBIRD_LETSENCRYPT_EMAIL=""
 NETBIRD_DISABLE_ANONYMOUS_METRICS=false
 # DNS DOMAIN configures the domain name used for peer resolution. By default it is netbird.selfhosted
 NETBIRD_MGMT_DNS_DOMAIN=netbird.selfhosted
-
-# -------------------------------------------
-# Relay settings
-# -------------------------------------------
-# Relay server domain. e.g. relay.mydomain.com
-# if not specified it will assume NETBIRD_DOMAIN
-NETBIRD_RELAY_DOMAIN=""
-
-# Relay server connection port. If none is supplied
-# it will default to 33080
-NETBIRD_RELAY_PORT=""
--- a/infrastructure_files/tests/setup.env
+++ b/infrastructure_files/tests/setup.env
@@ -25,5 +25,4 @@ NETBIRD_IDP_MGMT_CLIENT_SECRET=$CI_NETBIRD_IDP_MGMT_CLIENT_SECRET
 NETBIRD_SIGNAL_PORT=12345
 NETBIRD_STORE_CONFIG_ENGINE=$CI_NETBIRD_STORE_CONFIG_ENGINE
 NETBIRD_MGMT_IDP_SIGNKEY_REFRESH=$CI_NETBIRD_MGMT_IDP_SIGNKEY_REFRESH
-NETBIRD_TURN_EXTERNAL_IP=1.2.3.4
-NETBIRD_RELAY_PORT=33445
+NETBIRD_TURN_EXTERNAL_IP=1.2.3.4
--- a/management/client/client_test.go
+++ b/management/client/client_test.go
@@ -9,10 +9,7 @@ import (
 	"testing"
 	"time"

-	"github.com/stretchr/testify/require"
-
 	"github.com/netbirdio/netbird/management/server/activity"
-	"github.com/netbirdio/netbird/management/server/telemetry"

 	"github.com/netbirdio/netbird/client/system"

@@ -74,17 +71,15 @@ func startManagement(t *testing.T) (*grpc.Server, net.Listener) {
 	peersUpdateManager := mgmt.NewPeersUpdateManager(nil)
 	eventStore := &activity.InMemoryEventStore{}
 	ia, _ := integrations.NewIntegratedValidator(context.Background(), eventStore)
-
-	metrics, err := telemetry.NewDefaultAppMetrics(context.Background())
-	require.NoError(t, err)
-
-	accountManager, err := mgmt.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, ia, metrics)
+	accountManager, err := mgmt.BuildManager(context.Background(), store, peersUpdateManager, nil, "", "netbird.selfhosted", eventStore, nil, false, ia)
 	if err != nil {
 		t.Fatal(err)
 	}
-
-	secretsManager := mgmt.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig, config.Relay)
-	mgmtServer, err := mgmt.NewServer(context.Background(), config, accountManager, peersUpdateManager, secretsManager, nil, nil)
+	rc := &mgmt.RelayConfig{
+		Address: "localhost:0",
+	}
+	turnManager := mgmt.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig, rc)
+	mgmtServer, err := mgmt.NewServer(context.Background(), config, accountManager, peersUpdateManager, turnManager, nil, nil)
 	if err != nil {
 		t.Fatal(err)
 	}
--- a/management/client/grpc.go
+++ b/management/client/grpc.go
@@ -2,7 +2,6 @@ package client

 import (
 	"context"
-	"errors"
 	"fmt"
 	"io"
 	"sync"
@@ -268,7 +267,7 @@ func (c *GrpcClient) receiveEvents(stream proto.ManagementService_SyncClient, se
 // GetServerPublicKey returns server's WireGuard public key (used later for encrypting messages sent to the server)
 func (c *GrpcClient) GetServerPublicKey() (*wgtypes.Key, error) {
 	if !c.ready() {
-		return nil, errors.New(errMsgNoMgmtConnection)
+		return nil, fmt.Errorf(errMsgNoMgmtConnection)
 	}

 	mgmCtx, cancel := context.WithTimeout(c.ctx, 5*time.Second)
@@ -315,7 +314,7 @@ func (c *GrpcClient) IsHealthy() bool {

 func (c *GrpcClient) login(serverKey wgtypes.Key, req *proto.LoginRequest) (*proto.LoginResponse, error) {
 	if !c.ready() {
-		return nil, errors.New(errMsgNoMgmtConnection)
+		return nil, fmt.Errorf(errMsgNoMgmtConnection)
 	}

 	loginReq, err := encryption.EncryptMessage(serverKey, c.key, req)
@@ -453,7 +452,7 @@ func (c *GrpcClient) GetPKCEAuthorizationFlow(serverKey wgtypes.Key) (*proto.PKC
 // It should be used if there is changes on peer posture check after initial sync.
 func (c *GrpcClient) SyncMeta(sysInfo *system.Info) error {
 	if !c.ready() {
-		return errors.New(errMsgNoMgmtConnection)
+		return fmt.Errorf(errMsgNoMgmtConnection)
 	}

 	serverPubKey, err := c.GetServerPublicKey()
--- a/management/cmd/management.go
+++ b/management/cmd/management.go
@@ -123,8 +123,6 @@ var (
 			return nil
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			flag.Parse()
-
 			ctx, cancel := context.WithCancel(cmd.Context())
 			defer cancel()
 			//nolint
@@ -180,11 +178,11 @@ var (
 				}
 			}

-			geo, err := geolocation.NewGeolocation(ctx, config.Datadir, !disableGeoliteUpdate)
+			geo, err := geolocation.NewGeolocation(ctx, config.Datadir)
 			if err != nil {
-				log.WithContext(ctx).Warnf("could not initialize geolocation service. proceeding without geolocation support: %v", err)
+				log.WithContext(ctx).Warnf("could not initialize geo location service: %v, we proceed without geo support", err)
 			} else {
-				log.WithContext(ctx).Infof("geolocation service has been initialized from %s", config.Datadir)
+				log.WithContext(ctx).Infof("geo location service has been initialized from %s", config.Datadir)
 			}

 			integratedPeerValidator, err := integrations.NewIntegratedValidator(ctx, eventStore)
@@ -192,12 +190,12 @@ var (
 				return fmt.Errorf("failed to initialize integrated peer validator: %v", err)
 			}
 			accountManager, err := server.BuildManager(ctx, store, peersUpdateManager, idpManager, mgmtSingleAccModeDomain,
-				dnsDomain, eventStore, geo, userDeleteFromIDPEnabled, integratedPeerValidator, appMetrics)
+				dnsDomain, eventStore, geo, userDeleteFromIDPEnabled, integratedPeerValidator)
 			if err != nil {
 				return fmt.Errorf("failed to build default manager: %v", err)
 			}

-			secretsManager := server.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig, config.Relay)
+			turnRelayTokenManager := server.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig, config.RelayConfig)

 			trustedPeers := config.ReverseProxy.TrustedPeers
 			defaultTrustedPeers := []netip.Prefix{netip.MustParsePrefix("0.0.0.0/0"), netip.MustParsePrefix("::/0")}
@@ -273,7 +271,7 @@ var (
 			ephemeralManager.LoadInitialPeers(ctx)

 			gRPCAPIHandler := grpc.NewServer(gRPCOpts...)
-			srv, err := server.NewServer(ctx, config, accountManager, peersUpdateManager, secretsManager, appMetrics, ephemeralManager)
+			srv, err := server.NewServer(ctx, config, accountManager, peersUpdateManager, turnRelayTokenManager, appMetrics, ephemeralManager)
 			if err != nil {
 				return fmt.Errorf("failed creating gRPC API handler: %v", err)
 			}
@@ -540,8 +538,8 @@ func loadMgmtConfig(ctx context.Context, mgmtConfigPath string) (*server.Config,
 		}
 	}

-	if loadedConfig.Relay != nil {
-		log.Infof("Relay addresses: %v", loadedConfig.Relay.Addresses)
+	if loadedConfig.RelayConfig != nil {
+		log.Infof("Relay address: %v", loadedConfig.RelayConfig.Address)
 	}

 	return loadedConfig, err
--- a/management/cmd/management_test.go
+++ b/management/cmd/management_test.go
@@ -7,20 +7,15 @@ import (
 )

 const (
-	exampleConfig = `{
-	  "Relay": {
-		"Addresses": [
-		  "rel://192.168.100.1:8085",
-		  "rel://192.168.100.1:8086"
-		],
-		"CredentialsTTL": "12h0m0s",
-		"Secret": "8f7e9d6c5b4a3f2e1d0c9b8a7f6e5d4c3b2a1f0e9d8c7b6a5f4e3d2c1b0a9f8"
-	  },
-	  "HttpConfig": {
-		"AuthAudience": "https://stageapp/",
-		"AuthIssuer": "https://something.eu.auth0.com/",
-		"OIDCConfigEndpoint": "https://something.eu.auth0.com/.well-known/openid-configuration"
-	  }
+	exampleConfig = `{	
+		"RelayConfig": {
+		   "Address": "rels://relay.stage.npeer.io"
+		},
+		"HttpConfig": {
+			"AuthAudience": "https://stageapp/",
+			"AuthIssuer": "https://something.eu.auth0.com/",
+			"OIDCConfigEndpoint": "https://something.eu.auth0.com/.well-known/openid-configuration"
+		}
 	}`
 )

@@ -34,10 +29,10 @@ func Test_loadMgmtConfig(t *testing.T) {
 	if err != nil {
 		t.Fatalf("failed to load management config: %s", err)
 	}
-	if cfg.Relay == nil {
+	if cfg.RelayConfig == nil {
 		t.Fatalf("config is nil")
 	}
-	if len(cfg.Relay.Addresses) == 0 {
+	if cfg.RelayConfig.Address == "" {
 		t.Fatalf("relay address is empty")
 	}
 }
--- a/management/cmd/root.go
+++ b/management/cmd/root.go
@@ -24,7 +24,6 @@ var (
 	logFile                  string
 	disableMetrics           bool
 	disableSingleAccMode     bool
-	disableGeoliteUpdate     bool
 	idpSignKeyRefreshEnabled bool
 	userDeleteFromIDPEnabled bool

@@ -66,7 +65,6 @@ func init() {
 	mgmtCmd.Flags().StringVar(&dnsDomain, "dns-domain", defaultSingleAccModeDomain, fmt.Sprintf("Domain used for peer resolution. This is appended to the peer's name, e.g. pi-server. %s. Max length is 192 characters to allow appending to a peer name with up to 63 characters.", defaultSingleAccModeDomain))
 	mgmtCmd.Flags().BoolVar(&idpSignKeyRefreshEnabled, idpSignKeyRefreshEnabledFlagName, false, "Enable cache headers evaluation to determine signing key rotation period. This will refresh the signing key upon expiry.")
 	mgmtCmd.Flags().BoolVar(&userDeleteFromIDPEnabled, "user-delete-from-idp", false, "Allows to delete user from IDP when user is deleted from account")
-	mgmtCmd.Flags().BoolVar(&disableGeoliteUpdate, "disable-geolite-update", true, "disables automatic updates to the Geolite2 geolocation databases")
 	rootCmd.MarkFlagRequired("config") //nolint

 	rootCmd.PersistentFlags().StringVar(&logLevel, "log-level", "info", "")
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -18,8 +18,6 @@ import (

 	"github.com/eko/gocache/v3/cache"
 	cacheStore "github.com/eko/gocache/v3/store"
-	"github.com/hashicorp/go-multierror"
-	"github.com/miekg/dns"
 	gocache "github.com/patrickmn/go-cache"
 	"github.com/rs/xid"
 	log "github.com/sirupsen/logrus"
@@ -39,7 +37,6 @@ import (
 	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 	"github.com/netbirdio/netbird/management/server/posture"
 	"github.com/netbirdio/netbird/management/server/status"
-	"github.com/netbirdio/netbird/management/server/telemetry"
 	"github.com/netbirdio/netbird/route"
 )

@@ -68,7 +65,6 @@ type AccountManager interface {
 	SaveSetupKey(ctx context.Context, accountID string, key *SetupKey, userID string) (*SetupKey, error)
 	CreateUser(ctx context.Context, accountID, initiatorUserID string, key *UserInfo) (*UserInfo, error)
 	DeleteUser(ctx context.Context, accountID, initiatorUserID string, targetUserID string) error
-	DeleteRegularUsers(ctx context.Context, accountID, initiatorUserID string, targetUserIDs []string) error
 	InviteUser(ctx context.Context, accountID string, initiatorUserID string, targetUserID string) error
 	ListSetupKeys(ctx context.Context, accountID, userID string) ([]*SetupKey, error)
 	SaveUser(ctx context.Context, accountID, initiatorUserID string, update *User) (*UserInfo, error)
@@ -102,7 +98,6 @@ type AccountManager interface {
 	SaveGroup(ctx context.Context, accountID, userID string, group *nbgroup.Group) error
 	SaveGroups(ctx context.Context, accountID, userID string, newGroups []*nbgroup.Group) error
 	DeleteGroup(ctx context.Context, accountId, userId, groupID string) error
-	DeleteGroups(ctx context.Context, accountId, userId string, groupIDs []string) error
 	ListGroups(ctx context.Context, accountId string) ([]*nbgroup.Group, error)
 	GroupAddPeer(ctx context.Context, accountId, groupID, peerID string) error
 	GroupDeletePeer(ctx context.Context, accountId, groupID, peerID string) error
@@ -161,8 +156,6 @@ type DefaultAccountManager struct {
 	eventStore           activity.Store
 	geo                  *geolocation.Geolocation

-	requestBuffer *AccountRequestBuffer
-
 	// singleAccountMode indicates whether the instance has a single account.
 	// If true, then every new user will end up under the same account.
 	// This value will be set to false if management service has more than one account.
@@ -177,8 +170,6 @@ type DefaultAccountManager struct {
 	userDeleteFromIDPEnabled bool

 	integratedPeerValidator integrated_validator.IntegratedValidator
-
-	metrics telemetry.AppMetrics
 }

 // Settings represents Account settings structure that can be modified via API and Dashboard
@@ -410,16 +401,8 @@ func (a *Account) GetGroup(groupID string) *nbgroup.Group {
 	return a.Groups[groupID]
 }

-// GetPeerNetworkMap returns the networkmap for the given peer ID.
-func (a *Account) GetPeerNetworkMap(
-	ctx context.Context,
-	peerID string,
-	peersCustomZone nbdns.CustomZone,
-	validatedPeersMap map[string]struct{},
-	metrics *telemetry.AccountManagerMetrics,
-) *NetworkMap {
-	start := time.Now()
-
+// GetPeerNetworkMap returns a group by ID if exists, nil otherwise
+func (a *Account) GetPeerNetworkMap(ctx context.Context, peerID, dnsDomain string, validatedPeersMap map[string]struct{}) *NetworkMap {
 	peer := a.Peers[peerID]
 	if peer == nil {
 		return &NetworkMap{
@@ -455,7 +438,7 @@ func (a *Account) GetPeerNetworkMap(

 	if dnsManagementStatus {
 		var zones []nbdns.CustomZone
-
+		peersCustomZone := getPeersCustomZone(ctx, a, dnsDomain)
 		if peersCustomZone.Domain != "" {
 			zones = append(zones, peersCustomZone)
 		}
@@ -463,7 +446,7 @@ func (a *Account) GetPeerNetworkMap(
 		dnsUpdate.NameServerGroups = getPeerNSGroups(a, peerID)
 	}

-	nm := &NetworkMap{
+	return &NetworkMap{
 		Peers:         peersToConnect,
 		Network:       a.Network.Copy(),
 		Routes:        routesUpdate,
@@ -471,66 +454,6 @@ func (a *Account) GetPeerNetworkMap(
 		OfflinePeers:  expiredPeers,
 		FirewallRules: firewallRules,
 	}
-
-	if metrics != nil {
-		objectCount := int64(len(peersToConnect) + len(expiredPeers) + len(routesUpdate) + len(firewallRules))
-		metrics.CountNetworkMapObjects(objectCount)
-		metrics.CountGetPeerNetworkMapDuration(time.Since(start))
-
-		if objectCount > 5000 {
-			log.WithContext(ctx).Tracef("account: %s has a total resource count of %d objects, "+
-				"peers to connect: %d, expired peers: %d, routes: %d, firewall rules: %d",
-				a.Id, objectCount, len(peersToConnect), len(expiredPeers), len(routesUpdate), len(firewallRules))
-		}
-	}
-
-	return nm
-}
-
-func (a *Account) GetPeersCustomZone(ctx context.Context, dnsDomain string) nbdns.CustomZone {
-	var merr *multierror.Error
-
-	if dnsDomain == "" {
-		log.WithContext(ctx).Error("no dns domain is set, returning empty zone")
-		return nbdns.CustomZone{}
-	}
-
-	customZone := nbdns.CustomZone{
-		Domain:  dns.Fqdn(dnsDomain),
-		Records: make([]nbdns.SimpleRecord, 0, len(a.Peers)),
-	}
-
-	domainSuffix := "." + dnsDomain
-
-	var sb strings.Builder
-	for _, peer := range a.Peers {
-		if peer.DNSLabel == "" {
-			merr = multierror.Append(merr, fmt.Errorf("peer %s has an empty DNS label", peer.Name))
-			continue
-		}
-
-		sb.Grow(len(peer.DNSLabel) + len(domainSuffix))
-		sb.WriteString(peer.DNSLabel)
-		sb.WriteString(domainSuffix)
-
-		customZone.Records = append(customZone.Records, nbdns.SimpleRecord{
-			Name:  sb.String(),
-			Type:  int(dns.TypeA),
-			Class: nbdns.DefaultClass,
-			TTL:   defaultTTL,
-			RData: peer.IP.String(),
-		})
-
-		sb.Reset()
-	}
-
-	go func() {
-		if merr != nil {
-			log.WithContext(ctx).Errorf("error generating custom zone for account %s: %v", a.Id, merr)
-		}
-	}()
-
-	return customZone
 }

 // GetExpiredPeers returns peers that have been expired
@@ -930,7 +853,7 @@ func (a *Account) UserGroupsAddToPeers(userID string, groups ...string) {
 func (a *Account) UserGroupsRemoveFromPeers(userID string, groups ...string) {
 	for _, gid := range groups {
 		group, ok := a.Groups[gid]
-		if !ok || group.Name == "All" {
+		if !ok {
 			continue
 		}
 		update := make([]string, 0, len(group.Peers))
@@ -948,18 +871,10 @@ func (a *Account) UserGroupsRemoveFromPeers(userID string, groups ...string) {
 }

 // BuildManager creates a new DefaultAccountManager with a provided Store
-func BuildManager(
-	ctx context.Context,
-	store Store,
-	peersUpdateManager *PeersUpdateManager,
-	idpManager idp.Manager,
-	singleAccountModeDomain string,
-	dnsDomain string,
-	eventStore activity.Store,
-	geo *geolocation.Geolocation,
+func BuildManager(ctx context.Context, store Store, peersUpdateManager *PeersUpdateManager, idpManager idp.Manager,
+	singleAccountModeDomain string, dnsDomain string, eventStore activity.Store, geo *geolocation.Geolocation,
 	userDeleteFromIDPEnabled bool,
 	integratedPeerValidator integrated_validator.IntegratedValidator,
-	metrics telemetry.AppMetrics,
 ) (*DefaultAccountManager, error) {
 	am := &DefaultAccountManager{
 		Store:                    store,
@@ -974,8 +889,6 @@ func BuildManager(
 		peerLoginExpiry:          NewDefaultScheduler(),
 		userDeleteFromIDPEnabled: userDeleteFromIDPEnabled,
 		integratedPeerValidator:  integratedPeerValidator,
-		metrics:                  metrics,
-		requestBuffer:            NewAccountRequestBuffer(ctx, store),
 	}
 	allAccounts := store.GetAllAccounts(ctx)
 	// enable single account mode only if configured by user and number of existing accounts is not grater than 1
@@ -2081,28 +1994,6 @@ func (am *DefaultAccountManager) GetAccountIDForPeerKey(ctx context.Context, pee
 	return am.Store.GetAccountIDByPeerPubKey(ctx, peerKey)
 }

-func (am *DefaultAccountManager) handleUserPeer(ctx context.Context, peer *nbpeer.Peer, settings *Settings) (bool, error) {
-	user, err := am.Store.GetUserByUserID(ctx, peer.UserID)
-	if err != nil {
-		return false, err
-	}
-
-	err = checkIfPeerOwnerIsBlocked(peer, user)
-	if err != nil {
-		return false, err
-	}
-
-	if peerLoginExpired(ctx, peer, settings) {
-		err = am.handleExpiredPeer(ctx, user, peer)
-		if err != nil {
-			return false, err
-		}
-		return true, nil
-	}
-
-	return false, nil
-}
-
 // addAllGroup to account object if it doesn't exist
 func addAllGroup(account *Account) error {
 	if len(account.Groups) == 0 {
--- a/management/server/account_request_buffer.go
+++ b/management/server/account_request_buffer.go
@@ -1,108 +0,0 @@
-package server
-
-import (
-	"context"
-	"os"
-	"sync"
-	"time"
-
-	log "github.com/sirupsen/logrus"
-)
-
-// AccountRequest holds the result channel to return the requested account.
-type AccountRequest struct {
-	AccountID  string
-	ResultChan chan *AccountResult
-}
-
-// AccountResult holds the account data or an error.
-type AccountResult struct {
-	Account *Account
-	Err     error
-}
-
-type AccountRequestBuffer struct {
-	store               Store
-	getAccountRequests  map[string][]*AccountRequest
-	mu                  sync.Mutex
-	getAccountRequestCh chan *AccountRequest
-	bufferInterval      time.Duration
-}
-
-func NewAccountRequestBuffer(ctx context.Context, store Store) *AccountRequestBuffer {
-	bufferIntervalStr := os.Getenv("NB_GET_ACCOUNT_BUFFER_INTERVAL")
-	bufferInterval, err := time.ParseDuration(bufferIntervalStr)
-	if err != nil {
-		if bufferIntervalStr != "" {
-			log.WithContext(ctx).Warnf("failed to parse account request buffer interval: %s", err)
-		}
-		bufferInterval = 100 * time.Millisecond
-	}
-
-	log.WithContext(ctx).Infof("set account request buffer interval to %s", bufferInterval)
-
-	ac := AccountRequestBuffer{
-		store:               store,
-		getAccountRequests:  make(map[string][]*AccountRequest),
-		getAccountRequestCh: make(chan *AccountRequest),
-		bufferInterval:      bufferInterval,
-	}
-
-	go ac.processGetAccountRequests(ctx)
-
-	return &ac
-}
-func (ac *AccountRequestBuffer) GetAccountWithBackpressure(ctx context.Context, accountID string) (*Account, error) {
-	req := &AccountRequest{
-		AccountID:  accountID,
-		ResultChan: make(chan *AccountResult, 1),
-	}
-
-	log.WithContext(ctx).Tracef("requesting account %s with backpressure", accountID)
-	startTime := time.Now()
-	ac.getAccountRequestCh <- req
-
-	result := <-req.ResultChan
-	log.WithContext(ctx).Tracef("got account with backpressure after %s", time.Since(startTime))
-	return result.Account, result.Err
-}
-
-func (ac *AccountRequestBuffer) processGetAccountBatch(ctx context.Context, accountID string) {
-	ac.mu.Lock()
-	requests := ac.getAccountRequests[accountID]
-	delete(ac.getAccountRequests, accountID)
-	ac.mu.Unlock()
-
-	if len(requests) == 0 {
-		return
-	}
-
-	startTime := time.Now()
-	account, err := ac.store.GetAccount(ctx, accountID)
-	log.WithContext(ctx).Tracef("getting account %s in batch took %s", accountID, time.Since(startTime))
-	result := &AccountResult{Account: account, Err: err}
-
-	for _, req := range requests {
-		req.ResultChan <- result
-		close(req.ResultChan)
-	}
-}
-
-func (ac *AccountRequestBuffer) processGetAccountRequests(ctx context.Context) {
-	for {
-		select {
-		case req := <-ac.getAccountRequestCh:
-			ac.mu.Lock()
-			ac.getAccountRequests[req.AccountID] = append(ac.getAccountRequests[req.AccountID], req)
-			if len(ac.getAccountRequests[req.AccountID]) == 1 {
-				go func(ctx context.Context, accountID string) {
-					time.Sleep(ac.bufferInterval)
-					ac.processGetAccountBatch(ctx, accountID)
-				}(ctx, req.AccountID)
-			}
-			ac.mu.Unlock()
-		case <-ctx.Done():
-			return
-		}
-	}
-}
--- a/management/server/account_test.go
+++ b/management/server/account_test.go
@@ -24,7 +24,6 @@ import (
 	"github.com/netbirdio/netbird/management/server/jwtclaims"
 	nbpeer "github.com/netbirdio/netbird/management/server/peer"
 	"github.com/netbirdio/netbird/management/server/posture"
-	"github.com/netbirdio/netbird/management/server/telemetry"
 	"github.com/netbirdio/netbird/route"
 )

@@ -411,8 +410,7 @@ func TestAccount_GetPeerNetworkMap(t *testing.T) {
 			validatedPeers[p] = struct{}{}
 		}

-		customZone := account.GetPeersCustomZone(context.Background(), "netbird.io")
-		networkMap := account.GetPeerNetworkMap(context.Background(), testCase.peerID, customZone, validatedPeers, nil)
+		networkMap := account.GetPeerNetworkMap(context.Background(), testCase.peerID, "netbird.io", validatedPeers)
 		assert.Len(t, networkMap.Peers, len(testCase.expectedPeers))
 		assert.Len(t, networkMap.OfflinePeers, len(testCase.expectedOfflinePeers))
 	}
@@ -2295,13 +2293,7 @@ func TestAccount_UserGroupsRemoveFromPeers(t *testing.T) {
 	})
 }

-type TB interface {
-	Cleanup(func())
-	Helper()
-	TempDir() string
-}
-
-func createManager(t TB) (*DefaultAccountManager, error) {
+func createManager(t *testing.T) (*DefaultAccountManager, error) {
 	t.Helper()

 	store, err := createStore(t)
@@ -2310,12 +2302,7 @@ func createManager(t TB) (*DefaultAccountManager, error) {
 	}
 	eventStore := &activity.InMemoryEventStore{}

-	metrics, err := telemetry.NewDefaultAppMetrics(context.Background())
-	if err != nil {
-		return nil, err
-	}
-
-	manager, err := BuildManager(context.Background(), store, NewPeersUpdateManager(nil), nil, "", "netbird.cloud", eventStore, nil, false, MocIntegratedValidator{}, metrics)
+	manager, err := BuildManager(context.Background(), store, NewPeersUpdateManager(nil), nil, "", "netbird.cloud", eventStore, nil, false, MocIntegratedValidator{})
 	if err != nil {
 		return nil, err
 	}
@@ -2323,7 +2310,7 @@ func createManager(t TB) (*DefaultAccountManager, error) {
 	return manager, nil
 }

-func createStore(t TB) (Store, error) {
+func createStore(t *testing.T) (Store, error) {
 	t.Helper()
 	dataDir := t.TempDir()
 	store, cleanUp, err := NewTestStoreFromJson(context.Background(), dataDir)
--- a/management/server/config.go
+++ b/management/server/config.go
@@ -32,10 +32,10 @@ const (

 // Config of the Management service
 type Config struct {
-	Stuns      []*Host
-	TURNConfig *TURNConfig
-	Relay      *Relay
-	Signal     *Host
+	Stuns       []*Host
+	TURNConfig  *TURNConfig
+	RelayConfig *RelayConfig
+	Signal      *Host

 	Datadir                string
 	DataStoreEncryptionKey string
@@ -76,10 +76,8 @@ type TURNConfig struct {
 	Turns                []*Host
 }

-type Relay struct {
-	Addresses      []string
-	CredentialsTTL util.Duration
-	Secret         string
+type RelayConfig struct {
+	Address string
 }

 // HttpServerConfig is a config of the HTTP Management service server
--- a/management/server/dns.go
+++ b/management/server/dns.go
@@ -4,8 +4,8 @@ import (
 	"context"
 	"fmt"
 	"strconv"
-	"sync"

+	"github.com/miekg/dns"
 	log "github.com/sirupsen/logrus"

 	nbdns "github.com/netbirdio/netbird/dns"
@@ -17,50 +17,6 @@ import (

 const defaultTTL = 300

-// DNSConfigCache is a thread-safe cache for DNS configuration components
-type DNSConfigCache struct {
-	CustomZones      sync.Map
-	NameServerGroups sync.Map
-}
-
-// GetCustomZone retrieves a cached custom zone
-func (c *DNSConfigCache) GetCustomZone(key string) (*proto.CustomZone, bool) {
-	if c == nil {
-		return nil, false
-	}
-	if value, ok := c.CustomZones.Load(key); ok {
-		return value.(*proto.CustomZone), true
-	}
-	return nil, false
-}
-
-// SetCustomZone stores a custom zone in the cache
-func (c *DNSConfigCache) SetCustomZone(key string, value *proto.CustomZone) {
-	if c == nil {
-		return
-	}
-	c.CustomZones.Store(key, value)
-}
-
-// GetNameServerGroup retrieves a cached name server group
-func (c *DNSConfigCache) GetNameServerGroup(key string) (*proto.NameServerGroup, bool) {
-	if c == nil {
-		return nil, false
-	}
-	if value, ok := c.NameServerGroups.Load(key); ok {
-		return value.(*proto.NameServerGroup), true
-	}
-	return nil, false
-}
-
-// SetNameServerGroup stores a name server group in the cache
-func (c *DNSConfigCache) SetNameServerGroup(key string, value *proto.NameServerGroup) {
-	if c == nil {
-		return
-	}
-	c.NameServerGroups.Store(key, value)
-}
-
 type lookupMap map[string]struct{}

 // DNSSettings defines dns settings at the account level
@@ -157,73 +113,69 @@ func (am *DefaultAccountManager) SaveDNSSettings(ctx context.Context, accountID
 	return nil
 }

-// toProtocolDNSConfig converts nbdns.Config to proto.DNSConfig using the cache
-func toProtocolDNSConfig(update nbdns.Config, cache *DNSConfigCache) *proto.DNSConfig {
-	protoUpdate := &proto.DNSConfig{
-		ServiceEnable:    update.ServiceEnable,
-		CustomZones:      make([]*proto.CustomZone, 0, len(update.CustomZones)),
-		NameServerGroups: make([]*proto.NameServerGroup, 0, len(update.NameServerGroups)),
-	}
+func toProtocolDNSConfig(update nbdns.Config) *proto.DNSConfig {
+	protoUpdate := &proto.DNSConfig{ServiceEnable: update.ServiceEnable}

 	for _, zone := range update.CustomZones {
-		cacheKey := zone.Domain
-		if cachedZone, exists := cache.GetCustomZone(cacheKey); exists {
-			protoUpdate.CustomZones = append(protoUpdate.CustomZones, cachedZone)
-		} else {
-			protoZone := convertToProtoCustomZone(zone)
-			cache.SetCustomZone(cacheKey, protoZone)
-			protoUpdate.CustomZones = append(protoUpdate.CustomZones, protoZone)
+		protoZone := &proto.CustomZone{Domain: zone.Domain}
+		for _, record := range zone.Records {
+			protoZone.Records = append(protoZone.Records, &proto.SimpleRecord{
+				Name:  record.Name,
+				Type:  int64(record.Type),
+				Class: record.Class,
+				TTL:   int64(record.TTL),
+				RData: record.RData,
+			})
 		}
+		protoUpdate.CustomZones = append(protoUpdate.CustomZones, protoZone)
 	}

 	for _, nsGroup := range update.NameServerGroups {
-		cacheKey := nsGroup.ID
-		if cachedGroup, exists := cache.GetNameServerGroup(cacheKey); exists {
-			protoUpdate.NameServerGroups = append(protoUpdate.NameServerGroups, cachedGroup)
-		} else {
-			protoGroup := convertToProtoNameServerGroup(nsGroup)
-			cache.SetNameServerGroup(cacheKey, protoGroup)
-			protoUpdate.NameServerGroups = append(protoUpdate.NameServerGroups, protoGroup)
+		protoGroup := &proto.NameServerGroup{
+			Primary:              nsGroup.Primary,
+			Domains:              nsGroup.Domains,
+			SearchDomainsEnabled: nsGroup.SearchDomainsEnabled,
 		}
+		for _, ns := range nsGroup.NameServers {
+			protoNS := &proto.NameServer{
+				IP:     ns.IP.String(),
+				Port:   int64(ns.Port),
+				NSType: int64(ns.NSType),
+			}
+			protoGroup.NameServers = append(protoGroup.NameServers, protoNS)
+		}
+		protoUpdate.NameServerGroups = append(protoUpdate.NameServerGroups, protoGroup)
 	}

 	return protoUpdate
 }

-// Helper function to convert nbdns.CustomZone to proto.CustomZone
-func convertToProtoCustomZone(zone nbdns.CustomZone) *proto.CustomZone {
-	protoZone := &proto.CustomZone{
-		Domain:  zone.Domain,
-		Records: make([]*proto.SimpleRecord, 0, len(zone.Records)),
+func getPeersCustomZone(ctx context.Context, account *Account, dnsDomain string) nbdns.CustomZone {
+	if dnsDomain == "" {
+		log.WithContext(ctx).Errorf("no dns domain is set, returning empty zone")
+		return nbdns.CustomZone{}
 	}
-	for _, record := range zone.Records {
-		protoZone.Records = append(protoZone.Records, &proto.SimpleRecord{
-			Name:  record.Name,
-			Type:  int64(record.Type),
-			Class: record.Class,
-			TTL:   int64(record.TTL),
-			RData: record.RData,
-		})
-	}
-	return protoZone
-}

-// Helper function to convert nbdns.NameServerGroup to proto.NameServerGroup
-func convertToProtoNameServerGroup(nsGroup *nbdns.NameServerGroup) *proto.NameServerGroup {
-	protoGroup := &proto.NameServerGroup{
-		Primary:              nsGroup.Primary,
-		Domains:              nsGroup.Domains,
-		SearchDomainsEnabled: nsGroup.SearchDomainsEnabled,
-		NameServers:          make([]*proto.NameServer, 0, len(nsGroup.NameServers)),
+	customZone := nbdns.CustomZone{
+		Domain: dns.Fqdn(dnsDomain),
 	}
-	for _, ns := range nsGroup.NameServers {
-		protoGroup.NameServers = append(protoGroup.NameServers, &proto.NameServer{
-			IP:     ns.IP.String(),
-			Port:   int64(ns.Port),
-			NSType: int64(ns.NSType),
+
+	for _, peer := range account.Peers {
+		if peer.DNSLabel == "" {
+			log.WithContext(ctx).Errorf("found a peer with empty dns label. It was probably caused by a invalid character in its name. Peer Name: %s", peer.Name)
+			continue
+		}
+
+		customZone.Records = append(customZone.Records, nbdns.SimpleRecord{
+			Name:  dns.Fqdn(peer.DNSLabel + "." + dnsDomain),
+			Type:  int(dns.TypeA),
+			Class: nbdns.DefaultClass,
+			TTL:   defaultTTL,
+			RData: peer.IP.String(),
 		})
 	}
-	return protoGroup
+
+	return customZone
 }

 func getPeerNSGroups(account *Account, peerID string) []*nbdns.NameServerGroup {
--- a/management/server/dns_test.go
+++ b/management/server/dns_test.go
@@ -2,14 +2,9 @@ package server

 import (
 	"context"
-	"fmt"
 	"net/netip"
-	"reflect"
 	"testing"

-	nbdns "github.com/netbirdio/netbird/dns"
-	"github.com/netbirdio/netbird/management/server/telemetry"
-
 	"github.com/stretchr/testify/require"

 	"github.com/netbirdio/netbird/dns"
@@ -200,11 +195,7 @@ func createDNSManager(t *testing.T) (*DefaultAccountManager, error) {
 		return nil, err
 	}
 	eventStore := &activity.InMemoryEventStore{}
-
-	metrics, err := telemetry.NewDefaultAppMetrics(context.Background())
-	require.NoError(t, err)
-
-	return BuildManager(context.Background(), store, NewPeersUpdateManager(nil), nil, "", "netbird.test", eventStore, nil, false, MocIntegratedValidator{}, metrics)
+	return BuildManager(context.Background(), store, NewPeersUpdateManager(nil), nil, "", "netbird.test", eventStore, nil, false, MocIntegratedValidator{})
 }

 func createDNSStore(t *testing.T) (Store, error) {
@@ -329,150 +320,3 @@ func initTestDNSAccount(t *testing.T, am *DefaultAccountManager) (*Account, erro

 	return am.Store.GetAccount(context.Background(), account.Id)
 }
-
-func generateTestData(size int) nbdns.Config {
-	config := nbdns.Config{
-		ServiceEnable:    true,
-		CustomZones:      make([]nbdns.CustomZone, size),
-		NameServerGroups: make([]*nbdns.NameServerGroup, size),
-	}
-
-	for i := 0; i < size; i++ {
-		config.CustomZones[i] = nbdns.CustomZone{
-			Domain: fmt.Sprintf("domain%d.com", i),
-			Records: []nbdns.SimpleRecord{
-				{
-					Name:  fmt.Sprintf("record%d", i),
-					Type:  1,
-					Class: "IN",
-					TTL:   3600,
-					RData: "192.168.1.1",
-				},
-			},
-		}
-
-		config.NameServerGroups[i] = &nbdns.NameServerGroup{
-			ID:                   fmt.Sprintf("group%d", i),
-			Primary:              i == 0,
-			Domains:              []string{fmt.Sprintf("domain%d.com", i)},
-			SearchDomainsEnabled: true,
-			NameServers: []nbdns.NameServer{
-				{
-					IP:     netip.MustParseAddr("8.8.8.8"),
-					Port:   53,
-					NSType: 1,
-				},
-			},
-		}
-	}
-
-	return config
-}
-
-func BenchmarkToProtocolDNSConfig(b *testing.B) {
-	sizes := []int{10, 100, 1000}
-
-	for _, size := range sizes {
-		testData := generateTestData(size)
-
-		b.Run(fmt.Sprintf("WithCache-Size%d", size), func(b *testing.B) {
-			cache := &DNSConfigCache{}
-
-			b.ResetTimer()
-			for i := 0; i < b.N; i++ {
-				toProtocolDNSConfig(testData, cache)
-			}
-		})
-
-		b.Run(fmt.Sprintf("WithoutCache-Size%d", size), func(b *testing.B) {
-			b.ResetTimer()
-			for i := 0; i < b.N; i++ {
-				cache := &DNSConfigCache{}
-				toProtocolDNSConfig(testData, cache)
-			}
-		})
-	}
-}
-
-func TestToProtocolDNSConfigWithCache(t *testing.T) {
-	var cache DNSConfigCache
-
-	// Create two different configs
-	config1 := nbdns.Config{
-		ServiceEnable: true,
-		CustomZones: []nbdns.CustomZone{
-			{
-				Domain: "example.com",
-				Records: []nbdns.SimpleRecord{
-					{Name: "www", Type: 1, Class: "IN", TTL: 300, RData: "192.168.1.1"},
-				},
-			},
-		},
-		NameServerGroups: []*nbdns.NameServerGroup{
-			{
-				ID:   "group1",
-				Name: "Group 1",
-				NameServers: []nbdns.NameServer{
-					{IP: netip.MustParseAddr("8.8.8.8"), Port: 53},
-				},
-			},
-		},
-	}
-
-	config2 := nbdns.Config{
-		ServiceEnable: true,
-		CustomZones: []nbdns.CustomZone{
-			{
-				Domain: "example.org",
-				Records: []nbdns.SimpleRecord{
-					{Name: "mail", Type: 1, Class: "IN", TTL: 300, RData: "192.168.1.2"},
-				},
-			},
-		},
-		NameServerGroups: []*nbdns.NameServerGroup{
-			{
-				ID:   "group2",
-				Name: "Group 2",
-				NameServers: []nbdns.NameServer{
-					{IP: netip.MustParseAddr("8.8.4.4"), Port: 53},
-				},
-			},
-		},
-	}
-
-	// First run with config1
-	result1 := toProtocolDNSConfig(config1, &cache)
-
-	// Second run with config2
-	result2 := toProtocolDNSConfig(config2, &cache)
-
-	// Third run with config1 again
-	result3 := toProtocolDNSConfig(config1, &cache)
-
-	// Verify that result1 and result3 are identical
-	if !reflect.DeepEqual(result1, result3) {
-		t.Errorf("Results are not identical when run with the same input. Expected %v, got %v", result1, result3)
-	}
-
-	// Verify that result2 is different from result1 and result3
-	if reflect.DeepEqual(result1, result2) || reflect.DeepEqual(result2, result3) {
-		t.Errorf("Results should be different for different inputs")
-	}
-
-	// Verify that the cache contains elements from both configs
-	if _, exists := cache.GetCustomZone("example.com"); !exists {
-		t.Errorf("Cache should contain custom zone for example.com")
-	}
-
-	if _, exists := cache.GetCustomZone("example.org"); !exists {
-		t.Errorf("Cache should contain custom zone for example.org")
-	}
-
-	if _, exists := cache.GetNameServerGroup("group1"); !exists {
-		t.Errorf("Cache should contain name server group 'group1'")
-	}
-
-	if _, exists := cache.GetNameServerGroup("group2"); !exists {
-		t.Errorf("Cache should contain name server group 'group2'")
-	}
-}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Zoltán Papp	32fbb7da51	Add debug	2024-08-15 17:59:44 +02:00
Zoltán Papp	694c468e76	Add debug info	2024-08-15 17:54:21 +02:00
Zoltán Papp	887c789171	Remove test cases	2024-08-15 17:51:56 +02:00
Zoltán Papp	8740473753	Add test loop	2024-08-15 17:48:54 +02:00
Zoltán Papp	a023bcedb1	Add test cases	2024-08-15 17:44:01 +02:00
Zoltán Papp	73255051dd	Remove is not important tests	2024-08-15 17:37:03 +02:00
Zoltán Papp	d36880fc3f	Add test	2024-08-15 17:35:51 +02:00
Zoltán Papp	f2e865f493	Fix lint issue in healthcheck test	2024-08-15 11:20:08 +02:00
Zoltán Papp	22f5ca8490	Fix lint issues	2024-08-15 11:09:47 +02:00
Zoltán Papp	a8e1e5139b	Fix cognitive complexity	2024-08-15 10:58:48 +02:00
Zoltán Papp	5a653732a3	Reduce TURNReaderMain Cognitive Complexity	2024-08-15 10:18:56 +02:00
Zoltán Papp	2df6eefac3	Remove unnecessary test	2024-08-14 17:05:14 +02:00
Zoltán Papp	86f745eb9d	Fix complexity	2024-08-14 17:04:13 +02:00
Zoltán Papp	049b981746	Lint fix	2024-08-14 16:53:49 +02:00
Zoltán Papp	a918a99396	Lint fix	2024-08-14 16:52:29 +02:00
Zoltán Papp	30f22eca73	Revert debug changes	2024-08-14 16:48:48 +02:00
Zoltán Papp	f4f09ec2e2	Fix deleted files	2024-08-14 16:46:12 +02:00
Zoltán Papp	f3cbf96a13	Add songgao/water lib	2024-08-14 16:43:56 +02:00
Zoltán Papp	ce383eb259	Add ec2 test	2024-08-14 16:39:40 +02:00
Zoltán Papp	b31f25ec70	Add test code	2024-08-12 15:32:01 +02:00
Zoltán Papp	2f848cc51b	Remove unused variables	2024-08-07 11:19:47 +02:00
Zoltán Papp	b380f17064	Refactor commandline parameters	2024-08-07 11:01:05 +02:00
Zoltán Papp	f08bf93b19	Grammar fixes	2024-08-06 17:25:51 +02:00
Zoltán Papp	ad75c9f31a	Fix default log level	2024-08-06 17:21:06 +02:00
Zoltán Papp	0f20e2ce70	Fix lint	2024-08-06 17:20:00 +02:00
Zoltán Papp	7ef9a3de7e	Configurable log level	2024-08-06 16:34:33 +02:00
Zoltán Papp	7d44be55be	Add route53 support for TLS handling	2024-08-06 15:05:01 +02:00
Zoltán Papp	5400754954	Fix changes after merge - regenerate proto file - use interface instead of pointer	2024-08-05 12:05:40 +02:00
Zoltán Papp	9700b105b3	Merge branch 'main' into feature/relay-integration	2024-08-05 11:31:34 +02:00
Zoltán Papp	7da74e707a	Fix continuous handshake sending with the agent without relay support.	2024-08-05 09:46:01 +02:00
Zoltán Papp	cbe90b5dd9	Fix wg update	2024-08-02 09:50:42 +02:00
Zoltán Papp	e5f8ecdeb7	Fix eBPF conn close logic	2024-07-30 15:36:10 +02:00
Zoltán Papp	aa1a482669	Fix lint	2024-07-29 22:03:09 +02:00
Zoltán Papp	7942b0ebae	Add doc	2024-07-29 21:58:27 +02:00
Zoltán Papp	5be33d668b	Add doc	2024-07-29 21:53:07 +02:00
Zoltán Papp	12f472c58c	Add test	2024-07-29 21:39:17 +02:00
Zoltán Papp	100e31276f	Fix slow peer open function	2024-07-29 15:56:19 +02:00
Zoltán Papp	4b37311e54	Code cleaning	2024-07-26 15:41:40 +02:00
Zoltán Papp	d2c9a44953	Fix server listen	2024-07-26 14:45:34 +02:00
Zoltán Papp	b946088a90	Add benchmark test	2024-07-26 14:13:29 +02:00
Zoltán Papp	a8b58a182e	Change exponent settings	2024-07-26 13:42:33 +02:00
Zoltan Papp	61c06c7dd2	Avoid unnecessary wg reconfiguration	2024-07-26 13:40:43 +02:00
Zoltan Papp	a31d43a14c	Rename variable	2024-07-26 13:38:32 +02:00
Zoltan Papp	9ee062b4d1	Change log	2024-07-26 13:37:53 +02:00
Zoltán Papp	d70df99f7b	Fix memory leak Avoid to add listeners to multiple times	2024-07-25 17:21:27 +02:00
Zoltán Papp	b62ad97e59	Fix wg state check exit logic	2024-07-25 12:37:59 +02:00
Zoltán Papp	efa0bbdf3d	Remove unused logs	2024-07-25 11:09:45 +02:00
Zoltán Papp	8861e89ab0	Remove unused dependencies	2024-07-25 11:05:38 +02:00
Zoltán Papp	e1ee73500a	Remove unused codes	2024-07-25 11:03:54 +02:00
Zoltan Papp	163a80d53e	Fix sonar issue	2024-07-25 00:23:34 +02:00
Zoltan Papp	7279d58110	Fix sonar issue	2024-07-25 00:20:03 +02:00
Zoltan Papp	7b677f8db2	Fix sonar issue	2024-07-25 00:19:07 +02:00
Zoltan Papp	856c97b9df	Fix sonar issue	2024-07-25 00:14:19 +02:00
Zoltan Papp	6f36ec7a32	Fix sonar issue	2024-07-25 00:13:05 +02:00
Zoltan Papp	3e82fcbdd0	Fix sonar issue	2024-07-25 00:09:44 +02:00
Zoltan Papp	ff167e2907	Fix sonar issue	2024-07-25 00:04:27 +02:00
Zoltan Papp	08022dca10	Fix sonar issue and fix conn id handling	2024-07-24 23:57:33 +02:00
Zoltan Papp	5dbe5d0d49	Fix sonar issue	2024-07-24 23:50:25 +02:00
Zoltan Papp	3d2ef17364	Fix sonar issue	2024-07-24 23:46:05 +02:00
Zoltan Papp	334926ce90	Fix status test	2024-07-24 23:27:15 +02:00
Zoltan Papp	4339b6528f	Skip benchmark test	2024-07-24 23:11:41 +02:00
Zoltán Papp	8568fbffdd	Fix test	2024-07-24 18:01:43 +02:00
Zoltán Papp	fdf9756808	Fix test	2024-07-24 17:52:19 +02:00
Zoltán Papp	1d833113ce	Fix test	2024-07-24 17:51:00 +02:00
Zoltán Papp	c42f7628d7	Fix test	2024-07-24 17:47:32 +02:00
Zoltán Papp	a4ba8bd3b8	Fix test	2024-07-24 17:45:42 +02:00
Zoltán Papp	7bfc505962	Fix test	2024-07-24 17:42:51 +02:00
Zoltán Papp	42ea9611d5	Fix test	2024-07-24 17:36:46 +02:00
Zoltán Papp	7ae9cffccc	Fix missing method after merge	2024-07-24 16:51:33 +02:00
Zoltán Papp	57f8c620c0	Typo fix	2024-07-24 16:34:47 +02:00
Zoltán Papp	ecb6f0831e	Add metrics	2024-07-24 16:26:26 +02:00
Zoltán Papp	4802b83ef9	Merge branch 'main' into feature/relay-integration	2024-07-24 13:40:25 +02:00
Zoltán Papp	20eb1f50e3	Fix loop close	2024-07-23 23:04:38 +02:00
Zoltán Papp	e9e3b8ba10	Check wg handshake status on worker relay	2024-07-23 22:43:20 +02:00
Zoltán Papp	2576221315	Fix isConnected logic in reconnection loop	2024-07-22 15:51:44 +02:00
Zoltán Papp	1097285d80	Fix len of write operation	2024-07-22 13:13:12 +02:00
Zoltán Papp	0329c12173	Fix relay close message handling	2024-07-22 13:04:32 +02:00
Zoltán Papp	03df0878dc	Add benchmark test	2024-07-21 13:40:23 +02:00
Zoltan Papp	8c7215a9f5	Add data transfer test	2024-07-20 13:00:19 +02:00
Zoltán Papp	e10bc658f5	Fix reconnect loop	2024-07-19 12:00:19 +02:00
Zoltán Papp	787c900342	Revert break	2024-07-18 14:45:36 +02:00
Zoltán Papp	f247a7be46	Fix reference check	2024-07-18 14:21:32 +02:00
Zoltán Papp	894d68adf2	Fix reference check	2024-07-18 13:16:50 +02:00
Zoltán Papp	f3282bea80	- add ip to log - remove unused timestamp from log	2024-07-18 13:11:27 +02:00
Zoltán Papp	233a7b9802	Remove env var for debug purpose	2024-07-18 10:41:14 +02:00
Zoltán Papp	e75fbd34a7	Add config file handling	2024-07-17 17:10:33 +02:00
Zoltán Papp	7162e0a2ac	- remove direct field from status - add randomisation factor for reconnection - fix rosenpass status	2024-07-17 16:26:41 +02:00
Zoltán Papp	03e8acccde	Fix peer state indication	2024-07-16 14:06:51 +02:00
Zoltán Papp	4ea55bfe3c	- Implement remote addr for conn - Eliminate cached offeranswer arguments - Fix exponent reset in conn reconnect loop - Fix on disconnected callback for permanent server - Add peer relay status for status details command	2024-07-16 11:02:32 +02:00
Zoltán Papp	add4e9f4e4	Merge branch 'feature/relay-status' into feature/relay-integration	2024-07-12 11:41:21 +02:00
Zoltán Papp	807b830663	Fix backoff ticker	2024-07-11 15:46:07 +02:00
Zoltán Papp	b5c9af9e9c	Add comment	2024-07-11 15:37:34 +02:00
Zoltán Papp	30331e8f62	Change random wait time	2024-07-11 15:37:07 +02:00
Zoltán Papp	ea93a5edd3	Add reconnect logic	2024-07-11 14:37:22 +02:00
Zoltán Papp	cb77ff4661	Fix relay instance address indication	2024-07-10 22:33:15 +02:00
Zoltán Papp	83b83ccfd2	Add relay server address for the status	2024-07-10 22:17:54 +02:00
Zoltán Papp	4e75e15ea1	Add relay address to signal OFFER	2024-07-10 18:39:24 +02:00
Zoltán Papp	06afe64aff	Fix deadlock	2024-07-10 18:34:04 +02:00
Zoltán Papp	7acaef1152	Try to fix wgproxy reference	2024-07-10 16:51:38 +02:00
Zoltán Papp	469be3442d	Remove hardcoded debug lines	2024-07-10 14:17:50 +02:00
Zoltán Papp	d1b6387803	Fix token sending	2024-07-10 13:21:50 +02:00
Zoltán Papp	820e2feec9	Move to relay address config to object Add test for mgm config parser	2024-07-10 11:30:02 +02:00
Zoltán Papp	e0d086a8a8	Implement dummy RemoteAddr on client conn	2024-07-10 10:12:49 +02:00
Zoltán Papp	1f95467b02	Sonar fix	2024-07-09 16:51:40 +02:00
Zoltán Papp	6553d8ce03	Sonar fix	2024-07-09 16:50:29 +02:00
Zoltán Papp	f0c829afac	Sonar fix	2024-07-09 16:48:50 +02:00
Zoltán Papp	86f14523e4	Add comment	2024-07-09 16:46:43 +02:00
Zoltán Papp	6cefcbfe5d	Add comment	2024-07-09 16:44:12 +02:00
Zoltán Papp	19103031ee	Optimisation for sonar	2024-07-09 16:38:50 +02:00
Zoltán Papp	7369f4bc38	Optimisation for sonar	2024-07-09 16:29:38 +02:00
Zoltán Papp	d9d275a7ce	Optimisation for sonar	2024-07-09 16:27:20 +02:00
Zoltán Papp	57b85f4f8d	Optimisation for sonar	2024-07-09 16:15:25 +02:00
Zoltán Papp	7ef191903e	Fix logging in handshaker	2024-07-09 16:06:36 +02:00
Zoltan Papp	3bd15dd1c4	Fix moc interface	2024-07-09 10:34:13 +02:00
Zoltan Papp	1065e0a6c5	Fix moc interface	2024-07-09 10:22:38 +02:00
Zoltan Papp	d4ff55e6fe	Fix typo	2024-07-09 10:09:09 +02:00
Zoltan Papp	5625d83c3f	Fix lint	2024-07-09 09:44:23 +02:00
Zoltan Papp	63f2f51614	Fix typo	2024-07-08 23:14:09 +02:00
Zoltan Papp	defdcb631e	Add sleep time for tests	2024-07-08 22:42:30 +02:00
Zoltan Papp	7bf0d04bed	Remove unused function	2024-07-08 22:19:18 +02:00
Zoltan Papp	e4ec1fd757	Add sleep time after server started	2024-07-08 22:13:31 +02:00
Zoltan Papp	dab50f35d7	Fix ipv6 issue on tests	2024-07-08 21:56:15 +02:00
Zoltan Papp	2d7e797e08	Fix body close	2024-07-08 21:55:03 +02:00
Zoltan Papp	c3e8187a47	Fix lint issues	2024-07-08 21:53:20 +02:00
Zoltan Papp	cfac8c4762	fix test timing	2024-07-08 21:34:39 +02:00
Zoltan Papp	d9dfae625b	Fix manager_test	2024-07-08 21:18:19 +02:00
Zoltán Papp	a9e6742d9a	- Remove heartbeat logs - Fix relay client tests - Fix auth ID unmarshalling - Add magic header check	2024-07-08 17:55:48 +02:00
Zoltán Papp	931f165c9a	Remove garbage	2024-07-08 17:38:23 +02:00
Zoltán Papp	2803e1669b	Remove meaningless tests	2024-07-08 17:24:49 +02:00
Zoltán Papp	f28a657a1d	extend wginterface func with windows related things	2024-07-08 17:08:54 +02:00
Zoltán Papp	1f949f8cee	Fix parameters of tests	2024-07-08 17:01:11 +02:00
Zoltán Papp	75f5b75bc4	Mock wginterface	2024-07-08 16:15:04 +02:00
Zoltán Papp	48a2f6e69d	Mock wginterface	2024-07-08 16:12:08 +02:00
Zoltan Papp	b3715b5fad	- Revert typos in turnCfg string - merge main	2024-07-08 15:05:29 +02:00
Zoltan Papp	836072098b	Integrate the relay authentication	2024-07-05 16:12:30 +02:00
Zoltan Papp	8845e8fbc7	replace bson to gob	2024-07-04 13:42:27 +02:00
Zoltan Papp	1a5ee744a8	- add file based cert - print out the exposed address - handle empty exposed address	2024-07-03 15:03:57 +02:00
Zoltan Papp	15a7b7629b	Add exposed address	2024-07-02 11:57:17 +02:00
Zoltán Papp	d3785dc1fa	Fix ssl configuration	2024-07-01 11:50:18 +02:00
Zoltán Papp	ed82ef7fe4	Fix error logging	2024-06-30 10:43:12 +02:00
Zoltán Papp	aa55fba5ee	Add client side heartbeat handling	2024-06-29 14:13:05 +02:00
Zoltán Papp	faeae52329	Support exit node in ws client	2024-06-28 11:44:50 +02:00
Zoltán Papp	9ae03046e7	rename file	2024-06-28 11:17:21 +02:00
Zoltán Papp	98aa830831	Rename client ws package	2024-06-28 11:17:06 +02:00
Zoltán Papp	c94c949173	Add comment	2024-06-28 11:12:53 +02:00
Zoltán Papp	183f746158	Order the source code	2024-06-27 18:42:40 +02:00
Zoltán Papp	dd0d15c9d4	Add healthcheck code	2024-06-27 18:40:12 +02:00
Zoltán Papp	4d0e16f2d0	- Remove WaitForExitAcceptedConns logic from server - Implement thread safe gracefully close logic - organise the server code	2024-06-27 02:36:44 +02:00
Zoltán Papp	3fcdb51376	Error handling	2024-06-26 16:23:50 +02:00
Zoltán Papp	c0efce6556	Fix msg delivery timeouts	2024-06-26 16:22:26 +02:00
Zoltán Papp	f0eb004582	Single thread on server sending	2024-06-26 15:26:19 +02:00
Zoltán Papp	0a59f12012	Env var to force relay usage	2024-06-26 15:25:32 +02:00
Zoltán Papp	745e4f76b1	Remove gorilla lib	2024-06-26 15:25:01 +02:00
Zoltán Papp	085d072b17	- Add sha prefix for peer id in protocol - Add magic cookie in hello msg - Add tests	2024-06-25 17:36:04 +02:00
Zoltán Papp	0a67f5be1a	Fix logic	2024-06-25 15:13:08 +02:00
Zoltán Papp	f72e852ccb	Remove duplicated code	2024-06-24 18:54:03 +02:00
Zoltán Papp	54dc78aab8	Remove debug log	2024-06-24 15:30:25 +02:00
Zoltán Papp	69d8d5aa86	Fix the active conn type logic	2024-06-21 19:13:41 +02:00
Zoltán Papp	7581bbd925	Handle on offer listener in handshaker	2024-06-21 15:35:15 +02:00
Zoltán Papp	4d67d72785	Use permanent credentials	2024-06-21 15:02:54 +02:00
Zoltán Papp	4a08f1a1e9	Refactor handshaker loop	2024-06-21 12:35:28 +02:00
Zoltán Papp	bfe60c01ba	Close proxy reading in case of eof	2024-06-21 00:55:30 +02:00
Zoltán Papp	06ceac65de	- Fix reconnect guard - Avoid double client creation	2024-06-21 00:55:07 +02:00
Zoltán Papp	6801dcb3f6	Fallback to relay conn	2024-06-20 18:17:30 +02:00
Zoltán Papp	c7db2c0524	Moc signal message support	2024-06-19 18:40:49 +02:00
Zoltán Papp	4f890ff712	Typo fix	2024-06-19 18:17:52 +02:00
Zoltán Papp	f7e6aa9b8f	Change logging logic	2024-06-19 18:16:43 +02:00
Zoltán Papp	81f2330d49	Fix remote address in ws client	2024-06-19 18:16:23 +02:00
Zoltán Papp	0261e15aad	Extend the cmd with argument handling - add cobra to relay server - add logger instance for handshaker	2024-06-19 17:40:16 +02:00
Zoltán Papp	11de2ec42e	Fix open connection	2024-06-19 12:18:58 +02:00
Zoltán Papp	4d2a25b728	Code cleaning	2024-06-19 11:53:21 +02:00
Zoltán Papp	2f32e0d8cf	Fix chicken-egg problem in the ice agent creation	2024-06-19 11:28:01 +02:00
Zoltán Papp	48310ef99c	Fix engine test	2024-06-19 09:59:01 +02:00
Zoltán Papp	24f71bc68a	Fix and extend test	2024-06-19 09:40:43 +02:00
Zoltán Papp	e26e2c3a75	Add conn status handling and protect agent	2024-06-18 17:40:37 +02:00
Zoltán Papp	a5e664d83d	Code cleaning	2024-06-18 11:27:18 +02:00
Zoltán Papp	d8ab3c1632	Call peer.Open from engine	2024-06-18 11:23:39 +02:00
Zoltán Papp	63b4041e9c	Rename connector to worker	2024-06-18 11:22:40 +02:00
Zoltán Papp	f7d8d03e55	Fix timers	2024-06-18 11:20:01 +02:00
Zoltán Papp	5b86a7f3f2	Fix relay mode evaulation	2024-06-18 11:10:55 +02:00
Zoltán Papp	deb8203f06	fix circle import	2024-06-17 18:02:52 +02:00
Zoltán Papp	e407fe02c5	Separate lifecircle of handshake, ice, relay connections - fix Stun, Turn address update thread safety issue - move conn worker login into peer package	2024-06-17 17:52:22 +02:00
Zoltán Papp	a7760bf0a7	Configurable relay address with env variable	2024-06-14 15:43:18 +02:00
Zoltan Papp	64f949abbb	Integrate relay into peer conn - extend mgm with relay address - extend signaling with remote peer's relay address - start setup relay connection before engine start	2024-06-14 14:40:31 +02:00
Zoltan Papp	38f2a59d1b	Add comment	2024-06-12 10:56:21 +02:00
Zoltan Papp	9504012920	Set the proper buffer size in the client code	2024-06-09 21:10:57 +02:00
Zoltan Papp	5e93d117cf	Use buf pool - eliminate reader function generation - fix write to closed channel panic	2024-06-09 20:33:35 +02:00
Zoltan Papp	8c70b7d7ff	Replace ws lib on client side	2024-06-09 12:41:52 +02:00
Zoltan Papp	ed8def4d9b	Protect ws writing in Gorilla ws	2024-06-07 16:07:35 +02:00
Zoltán Papp	1e115e3893	Merge branch 'main' into feature/relay	2024-06-06 13:38:40 +02:00
Zoltan Papp	fed9e587af	Add close message type	2024-06-05 19:49:30 +02:00
Zoltan Papp	a40d4d2f32	- add comments - avoid double closing messages - add cleanup routine for relay manager	2024-06-04 14:40:35 +02:00
Zoltán Papp	15818b72c6	Add alternative ws server implementation	2024-06-03 21:38:37 +02:00
Zoltán Papp	0556dc1860	Avoid nil pointer exception in test in case of err	2024-06-03 21:36:46 +02:00
Zoltán Papp	2b369cd28f	Add quic transporter	2024-06-03 20:17:43 +02:00
Zoltán Papp	9d44a476c6	Fix double unlock in client.go	2024-06-03 20:14:39 +02:00
Zoltán Papp	57ddb5f262	Add comment	2024-06-03 11:22:16 +02:00
Zoltan Papp	4ced07dd8d	Fix close conn threading issue	2024-06-03 01:37:56 +02:00
Zoltán Papp	3430b81622	Add relay server tracking	2024-06-01 11:48:15 +02:00
Zoltán Papp	fd4ad15c83	Move reconnection logic to separated struct	2024-06-01 11:25:00 +02:00
Zoltán Papp	4ff069a102	Support multiple server	2024-05-29 16:40:26 +02:00
Zoltán Papp	7cc3964a4d	Use mux for http server Without it can not start multiple http server instances for unit tests	2024-05-29 16:11:58 +02:00
Zoltan Papp	6d627f1923	Code cleaning	2024-05-28 01:27:53 +02:00
Zoltan Papp	076ce69a24	Add reconnect logic	2024-05-28 01:00:25 +02:00
Zoltán Papp	645a1f31a7	Fix writing/reading to a closed conn	2024-05-27 10:25:08 +02:00
Zoltán Papp	b4aa7e50f9	Close sockets on server cmd	2024-05-27 09:42:27 +02:00
Zoltán Papp	173ca25dac	Fix in client the close event	2024-05-26 22:14:33 +02:00
Zoltán Papp	36b2cd16cc	Remove channel binding logic	2024-05-23 13:24:02 +02:00
Zoltán Papp	0a05f8b4d4	Use buffer pool and protect exported functions	2024-05-22 00:38:41 +02:00
Zoltán Papp	e82c0a55a3	Set to blocking the message queue	2024-05-21 16:21:29 +02:00
Zoltán Papp	13eb457132	Add registration response message to the communication	2024-05-21 15:51:37 +02:00
Zoltan Papp	1c9c9ae47e	Remove sync.pool	2024-05-20 11:38:23 +02:00
Zoltan Papp	9ac5a1ed3f	Add udp listener and did some change for debug purpose.	2024-05-19 12:41:06 +02:00
Zoltan Papp	d4eaec5cbd	Followup messages modification	2024-05-17 23:41:47 +02:00
Zoltan Papp	6ae7a790f2	Fix buffer handling	2024-05-17 23:29:47 +02:00
Zoltan Papp	49dfbc82d9	Add relay cmd	2024-05-17 20:24:06 +02:00
Zoltan Papp	57a89cf0cc	Add initial relay code	2024-05-17 17:43:28 +02:00